Comments
-
Additional addendum: On the remote site, there is an access rule from LAN1 to IPSec_VPN, source 192.168.3.200, destination Any, service Any, user Any, Action Allow a route from source 192.168.3.200 destination Any, service Any, next hop IPSec_VPN-tunnel no NAT/SNAT policy for the 192.168.3.200 beyond the router default to…
-
Addendum: On the TZ500, there is an access rule from VPN to WAN, source Any, destination Any, Service Any, Action Allow, users All a NAT policy from original source 192.168.3.200 translated to X1 IP, destination Any to destination Original, service Any to service Original, inbound interface Any to outbound interface X1 a…
-
"a tunnel-mode VPN with static routes, and NAT policies at the TZ500 end to NAT the traffic appropriately": This is what I am attempting; I believe I have the remote site set to direct all traffic from the device (192.168.3.200) only through the TZ500. I have created a Route on the TZ500, as well as a NAT policy and a…
-
The issue was one of the appliance ports (X2-X7) had been assigned the same subnet as the remote location. (There had been a reason at the time, but the port subnet assignment hadn't been removed). The appliance therefore had two options for the remote subnet, and selected the higher priority, local one (no packets were…