1 Reply Latest reply on Jul 22, 2010 4:50 PM by rcamm

    Routing to VPN destinations

      I have a network with all SnapGear routers (SG560, SG530 and a couple SG300) which are all connected via IPSEC tunnels.

      Each office has their own Internet connection (so we're not routing Internet traffic back through a central connection).

       

      One office has a SG530 and we have some inbound ports (Remote Desktop & other remote support tools) defined.

      This office just added another small satellite office with an SG300 connected via IPSEC.

       

      I need to configure some ports to come into the SG530 and transfer to equipment at the new office.

           SG530:     10.0.0.0/24

           SG300:     192.168.20.0/24

      I tried updating the NAT in the SG530 to change the RDT destination from 10.0.0.165 to 192.168.20.165.

       

      However, a connection cannot be established.

       

      I can RDT from the 10.0.0.x network to 192.168.20.165 successfully, so I know the network is working OK.

       

      Is there a way to do this?

      Is the problem that the SG300 doesn't know to send the NAT'ed Internet traffic back to the SG530?

       

      Any suggestions?

       

      Thanks!

      John -Z-

        • 1. Re: Routing to VPN destinations

          If the 300 has its own internet link, it will send the reply back out the internet link, and as such comms will fail.

           

          If it does not have an internet link and is internal behind the 530, you will need to port forward on the 300 as well.

           

          If the link between the 530 and the 300 is over an IPSec tunnel, the phase two networks will have to include the source IP.

           

          An easy way to achieve these options is to also source NAT the connection on the 530 so that it appears to come from the 530 LAN interface.

           

          Hope this helps.
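
A small Python model of the cases described in the reply above, added here as an illustration and not part of the original thread or any SnapGear configuration. The two subnets and the .165 host come from the thread; the client address, the 530 LAN address (10.0.0.1) and all function names are assumptions.

```python
import ipaddress as ip

# Subnets and the .165 host come from the thread. The client address, the
# 530 LAN address and the function names are assumptions for this example.
LAN_530 = ip.ip_network("10.0.0.0/24")
LAN_300 = ip.ip_network("192.168.20.0/24")
CLIENT = ip.ip_address("203.0.113.50")     # constructed Internet client
SG530_LAN_IP = ip.ip_address("10.0.0.1")   # assumed 530 LAN interface
TARGET = ip.ip_address("192.168.20.165")
DEFAULT_PHASE2 = [(LAN_530, LAN_300)]      # (530-side net, 300-side net)
# Phase two networks widened to include the constructed client address.
WIDENED_PHASE2 = DEFAULT_PHASE2 + [(ip.ip_network("203.0.113.50/32"), LAN_300)]


def matches_phase2(addr_530_side, addr_300_side, phase2):
    """True if the address pair is covered by any phase two network pair."""
    return any(addr_530_side in near and addr_300_side in far
               for near, far in phase2)


def trace(source_nat, phase2=DEFAULT_PHASE2, ipsec=True):
    """Follow one forwarded connection and its reply; return the outcome."""
    # The 530 has already rewritten the destination to TARGET.
    src = SG530_LAN_IP if source_nat else CLIENT
    if ipsec:
        # Policy-based tunnel: both directions use the same network pairs.
        if not matches_phase2(src, TARGET, phase2):
            return "request not tunnelled: source outside phase two networks"
        return "ok: reply returns through the tunnel to the 530"
    # Plain routed link: the 300 picks the reply path by destination only.
    if src in LAN_530:
        return "ok: reply routed back to the 530"
    return "failed: reply leaves via the 300's own Internet link"


if __name__ == "__main__":
    print("DNAT only, IPsec:        ", trace(source_nat=False))
    print("DNAT + source NAT, IPsec:", trace(source_nat=True))
    print("DNAT only, wider phase 2:", trace(False, phase2=WIDENED_PHASE2))
    print("DNAT only, routed link:  ", trace(False, ipsec=False))
```
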