Need to reach a WAN IP through a LAN to LAN IPSEC VPN
Hi!
I hope you are all ok.
I have a LAN to LAN IPSEC VPN between these two TZ500. It is protecting source network address 192.168.1.0/24 and destination network address 192.168.3.0/24.
Everything is fine up to here.
Now, I need network address 192.168.1.0/24 to reach IP address 192.168.2.33 through the IPSEC VPN.
Is there any way to accomplish this? Some kind of NAT rule or anything else?
Thanks!
Best Answer
BWC Cybersecurity Overlord ✭✭✭
Hi @SEBASTIAN
Why not just add 192.168.2.0/24 to the tunnel? No need for NAT that way. If I get you right, the 192.168.2.0/24 is a transfer net between your router and the remote TZ 500 on X1?
What you probably need is a NAT rule on the lower TZ 500 to hide behind the X1 IP if the 192.168.2.33 does not have a route back to 192.168.1.0/24 via 192.168.2.x - and you need a firewall rule from VPN -> WAN allowing your traffic to 192.168.2.33.
Hopefully this helps a little?
--Michael@BWC
Answers
Hello @SEBASTIAN,
You can include the 192.168.2.0/24 network in the existing VPN. As long as the firewall at location B knows how to reach it, it should be accessible via VPN too.
Thanks!
Shipra Sahu
Technical Support Advisor, Premier Services
I am going to do some tests with your thoughts...
Hi @BWC
It worked as you said.
I have put network address 192.168.2.0/24 inside the VPN configuration.
Then a NAT rule for 192.168.2.0/24 to go through X1 and an ACL rule to allow this traffic from VPN to WAN.
Thanks!
Hi @SEBASTIAN
I'm glad that I could help, had this scenario myself a couple of times.
--Michael@BWC
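The three pieces confirmed in this thread (tunnel network, VPN -> WAN access rule, NAT behind X1) can be checked as a path model. This is an added example, not part of the original posts and not SonicOS configuration. The X1 address 192.168.2.1, the client 192.168.1.10 and all function and variable names are assumptions made for illustration.

```python
from ipaddress import ip_address, ip_network

SITE_A_LAN = ip_network("192.168.1.0/24")    # from the thread
TRANSFER_NET = ip_network("192.168.2.0/24")  # from the thread
X1_IP = ip_address("192.168.2.1")            # constructed: site B's X1 address

def in_any(ip, nets):
    return any(ip in ip_network(n) for n in nets)

def check_path(src, dst, tunnel_dsts, vpn_to_wan_allow, snat_dsts, host_routes):
    """Return (reachable, reason) for a site A client reaching a host behind site B's X1.

    host_routes: networks the target host routes back via site B's firewall.
    """
    src, dst = ip_address(src), ip_address(dst)
    # 1. Site A only encrypts traffic whose destination is a tunnel network.
    if src not in SITE_A_LAN or not in_any(dst, tunnel_dsts):
        return False, "destination not in tunnel networks"
    # 2. After decryption, site B needs an access rule from VPN to WAN.
    if not in_any(dst, vpn_to_wan_allow):
        return False, "no VPN -> WAN access rule"
    # 3. Source NAT decides which source address the target host sees.
    seen_src = X1_IP if in_any(dst, snat_dsts) else src
    # 4. The host can answer an on-link address or one it has a route for.
    if seen_src in TRANSFER_NET or in_any(seen_src, host_routes):
        return True, f"reply goes to {seen_src}"
    return False, f"host has no route back to {seen_src}"

# Constructed policy states: before the change and after the fix described above.
ORIGINAL = dict(tunnel_dsts=["192.168.3.0/24"], vpn_to_wan_allow=[],
                snat_dsts=[], host_routes=[])
FIXED = dict(tunnel_dsts=["192.168.3.0/24", "192.168.2.0/24"],
             vpn_to_wan_allow=["192.168.2.33/32"],
             snat_dsts=["192.168.2.0/24"], host_routes=[])

if __name__ == "__main__":
    for name, policy in (("original", ORIGINAL), ("fixed", FIXED)):
        print(name, check_path("192.168.1.10", "192.168.2.33", **policy))
```
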