investigating about nat over vpn site to site.

Alberto

I'm having trouble on nat over vpn site to site

my pc 10.8.1.87 is natted on 172.19.40.15

172.19.40.15 communicated via vpn site to site to remote peer 172.18.40.15

I send ping from 10.8.1.87 to 172.18.40.15.

I see on firewall this connection:

I see only packet send but no received packet.

I'm unable to capture packet of this connection:

I have no idea !

Alberto

i send image of vpn configuration

Saravanan

Hi @ALBERTO,

Welcome to SonicWall Community.

Have you done this NAT over VPN on both the site firewalls?

You may need to capture packets at both the site firewalls simultaneously to diagnose the issue and rectify. Please update here further.

Have a good one!!!

Alberto

Thanks I'm unable to have access to other peer, I can investigate only if I delivery my packets to the tunnel

Ajishlal

Hi @Alberto

Try after enable the "Keep Alive" & more information please go through the below KB.

NOTE: Ensure at least one side of the VPN has keep alive enabled to keep the tunnel active.

https://www.sonicwall.com/support/knowledge-base/how-can-i-configure-a-site-to-site-vpn-with-multiple-network-overlaps-nat-over-vpn/170817123531353/

https://www.sonicwall.com/support/knowledge-base/how-can-i-configure-nat-over-vpn-in-a-site-to-site-vpn/170515155805172/

Saravanan

@ALBERTO - Please perform a packet capture with filters as depicted below,

In the Sender firewall, you should see the ICMP packets destined for 172.18.40.15 with status as CONSUMED. This means sender firewall has forwarded the packets to the recipient firewall on the other end. To check if the packets from the sender firewall reaches the recipient firewall is to perform a packet capture on the recipient firewall.

Hope this helps.

Alberto

Thanks a lot. Sorry the problem is .... windows firewall on remote client :-(((

Saravanan

@ALBERTO - Awesome!!! Have a good one.