Need to reach a WAN IP through a LAN to LAN IPSEC VPN
I hope you are all ok.
I have a LAN to LAN IPSEC VPN between these two TZ500. It is protecting source network address 192.168.1.0/24 and destination network address 192.168.3.0/24.
Everything is fine up to here.
Now, I need network address 192.168.1.0/24 to reach IP address 192.168.2.33 through the IPSEC VPN.
Is there any way to accomplish this? Some kind of NAT rule or anything else?
BWC Cybersecurity Overlord ✭✭✭
Why not just add 192.168.2.0/24 to the tunnel? No need for NAT that way. If I get you right, the 192.168.2.0/24 is a transfer net between your router and the remote TZ 500 on X1?
What you probably need is a NAT rule on the lower TZ 500 to hide behind the X1 IP if the 192.168.2.33 does not have a route back to 192.168.1.0/24 via 192.168.2.x - and you need a firewall rule from VPN -> WAN allowing your traffic to 192.168.2.33.
Hopefully this helps a little.
You can include the 192.168.2.0/24 network in the existing VPN. As long as the firewall at location B knows how to reach it, it should be accessible via VPN too.
Technical Support Advisor, Premier Services
I am going to do some tests with your thoughts...
It worked as you said.
I have put network address 192.168.2.0/24 inside the VPN configuration.
Then a NAT rule for 192.168.2.0/24 to go through X1 and an ACL rule to allow this traffic from VPN to WAN.
I'm glad that I could help, had this scenario myself a couple of times.
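The three conditions raised in this thread (the destination inside the VPN's protected networks, a VPN -> WAN access rule, and a return path for 192.168.2.33's replies), modeled as an added Python example that is not from any poster and is not SonicWall configuration. The X1 and router addresses, the source host 192.168.1.10 and the dictionary layout are constructed assumptions.

```python
from ipaddress import ip_address, ip_network

X1_IP = ip_address("192.168.2.254")  # assumed X1 address of the remote TZ500 (constructed)
ROUTER = ip_address("192.168.2.1")   # assumed upstream router on the transfer net (constructed)
HOST_ROUTES = [("192.168.2.0/24", None), ("0.0.0.0/0", ROUTER)]  # routes on 192.168.2.33

def in_any(addr, nets):
    return any(addr in ip_network(n) for n in nets)

def next_hop(dest, routes):
    """Longest-prefix match over (network, gateway); gateway None means on-link."""
    matches = [(ip_network(n), gw) for n, gw in routes if dest in ip_network(n)]
    if not matches:
        return None
    _, gw = max(matches, key=lambda m: m[0].prefixlen)
    return dest if gw is None else gw

def check_path(src, dst, cfg):
    """Return the reasons src cannot complete a round trip to dst (empty = works)."""
    src, dst = ip_address(src), ip_address(dst)
    problems = []
    # 1. Site A only encrypts traffic that matches the policy's protected networks.
    if not (in_any(src, cfg["local_nets"]) and in_any(dst, cfg["remote_nets"])):
        problems.append("destination not in VPN protected networks")
    # 2. Site B needs an access rule from the VPN zone to the WAN zone.
    if not any(r["from"] == "VPN" and r["to"] == "WAN" and in_any(src, [r["src"]])
               and in_any(dst, [r["dst"]]) for r in cfg["rules"]):
        problems.append("no VPN -> WAN access rule")
    # 3. The host's reply must go back to the TZ500; source NAT to X1 makes it on-link.
    seen_src = X1_IP if cfg["nat_hide_behind_x1"] else src
    if next_hop(seen_src, cfg["host_routes"]) != X1_IP:
        problems.append("reply does not return via the TZ500")
    return problems

# Constructed configs: the original tunnel, then the three changes from the thread.
BEFORE = {"local_nets": ["192.168.1.0/24"], "remote_nets": ["192.168.3.0/24"],
          "rules": [], "nat_hide_behind_x1": False, "host_routes": HOST_ROUTES}
AFTER = {**BEFORE, "remote_nets": ["192.168.3.0/24", "192.168.2.0/24"],
         "rules": [{"from": "VPN", "to": "WAN", "src": "192.168.1.0/24",
                    "dst": "192.168.2.33/32"}],
         "nat_hide_behind_x1": True}

if __name__ == "__main__":
    print("before:", check_path("192.168.1.10", "192.168.2.33", BEFORE))
    print("after: ", check_path("192.168.1.10", "192.168.2.33", AFTER))
```

Turning `nat_hide_behind_x1` off in `AFTER` leaves only the return-path problem, which clears again if the host gets a route to 192.168.1.0/24 via the X1 address.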