IPsec with non-existing local subnet

Started by ooswald, January 09, 2023, 12:41:40 PM

January 09, 2023, 12:41:40 PM Last Edit: January 09, 2023, 04:27:49 PM by ooswald
What is the general approach when a remote IPsec site expects our traffic to originate from a subnet which does not exist on our side?

I've established an IPsec tunnel to the remote site (10.100.0.0/16). The local subnet is configured as 10.100.8.96/28 (which is from where they expect our traffic). Tunnel is up:

        con2[188]: ESTABLISHED 4 hours ago, *.*.*.*...*.*.*.*
        con2{554}:  INSTALLED, TUNNEL, reqid 2, ESP SPIs: *** ***
        con2{554}:   10.100.8.96/28 === 10.100.0.0/16
I added an outbound NAT with translation target set to 10.100.8.97.

Is this enough or do I need to configure anything else, such as a VIP?
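As an added example, not part of the original post: a small Python check that parses the CHILD_SA selector line quoted above (strongSwan's status format) and verifies that an outbound NAT translation address (10.100.8.97 here) lands inside the negotiated local selector, since a source address outside that selector is never matched by the IPsec policy and so never enters ESP. The sample flow addresses are constructed.

```python
"""Check that an outbound NAT translation address falls inside the IPsec
phase-2 local traffic selector, and whether a given flow would be carried
by the tunnel once its source has been translated."""
import re
from ipaddress import ip_address, ip_network

# Constructed sample: the CHILD_SA selector line from the forum post.
STATUS_LINE = "con2{554}:   10.100.8.96/28 === 10.100.0.0/16"

# strongSwan prints "<conn>{<id>}:  <local-ts> === <remote-ts>"
SELECTOR_RE = re.compile(
    r"^(?P<conn>\w+)\{(?P<id>\d+)\}:\s+(?P<local>\S+)\s+===\s+(?P<remote>\S+)$"
)


def parse_selectors(line):
    """Return (conn, local_net, remote_net) from a CHILD_SA selector line."""
    m = SELECTOR_RE.match(line.strip())
    if not m:
        raise ValueError("not a CHILD_SA selector line: %r" % line)
    return (m.group("conn"),
            ip_network(m.group("local")),
            ip_network(m.group("remote")))


def nat_target_ok(line, nat_target):
    """True if the NAT translation address lies within the local selector.

    A translated source outside the selector does not match the IPsec
    policy, so the packet would be routed in the clear (or dropped)
    instead of being encapsulated in ESP."""
    _, local_net, _ = parse_selectors(line)
    return ip_address(nat_target) in local_net


def flow_enters_tunnel(line, src, dst, nat_target=None):
    """Decide whether a flow src -> dst is matched by the tunnel selectors.

    If nat_target is given, the source is first rewritten the way the
    outbound NAT rule would rewrite it before policy lookup."""
    _, local_net, remote_net = parse_selectors(line)
    effective_src = ip_address(nat_target) if nat_target else ip_address(src)
    return effective_src in local_net and ip_address(dst) in remote_net
```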