the packet is not being source natted to 220.127.116.11 when it is being sent out from the SG580 upon its return to the satellite office.
try as a workaround to create a source nat rule that does this translateion( will be the opposite of the DNAT rule )
Will give that a try again as I think I did try that first but will try again and see what happens.
Ok, I have since setup an ipsec tunnel between both locations to make life easier, but still having similar issue sort of.
I can ping/tracert between both internal networks. But now when an application at the satellite office sends a request to the headoffice, the headoffice router sends the reponse back to the satellite offices WAN IP rather than the internal IP. So similar issue to above but no sending to external rather than internal.
Any ideas as I was hoping with a full site to site VPN all my issues would go away.
1 of 1 people found this helpful
I'm not as familiar with SnapGears as I am with the larger McAfee Firewalls though I do have one running at home providing me with an IPSec tunnel back to the McAfee Firewall Enterprise appliance located at my company's offices. As I understand it, the presence of the site-to-site IPSec tunnel should automatically take control of this traffic before it is even seen by any other aspect of the Firewall.
However, I'm anticipating that there may be some residual routing/NAT configuration from your earlier attempts which may be confusing the situation. Have you removed these legacy settings?
On a couple of occasions I have experienced a situation where traffic should be sent over a VPN, but for reasons unknown it is not. Deleting and recreating the IPSec tunnel normally fixes it.
I will happily defer to Ross' expertise on this product, but hope that this proves to be useful to you.
Thanks for the reply, I did turn off my previous rules/filters but agree that could still be something that is adding to the issue. I will give your suggestion a go, backup the config and remove a lot of old configuration and test over the weekend as this is a live/production unit.
I will try deleting and recreating the VPN also, as you suggest.
Ok, so cleaned up my router and the ipsec tunnel is working correctly now.
I have posted a new issue, in a new thread.
Thanks to Ross and Phil