Route Base VPN

Please, any assistance here would be appreciated since I'm not too familiar with SonicWalls.


Running code 7NA6500. Created all VPN/IPsec tunnel configuration via CLI. This being a route policy, a tunnel-interface VPN was created and I attached the VPN profile to the GRE tunnel.

IPsec/GRE and BGP come up and routes are being exchanged. I am able to ping the destination host right from the firewall, sourcing the ping from X1, which has the source of the IP that I'm trying to NAT from LAN to the destination hosts.


By the way, in the VPN policy I did not check the NAT policy under the Advanced tab. The reason I didn't enable or check it is because I had created a NAT policy to:


LAN ==> source "translate" to the IP that is facing the outside interface => Destination host => everything is original or any. Interfaces: I have it as LAN to any, and even did LAN to both GRE tunnels. No luck here...


What else from a NAT configuration needs to be done? If enabling NAT on the VPN policy, do I still need NAT rules under the NAT policies?


How can I check the NAT stats to see if they are hitting? How do I check the global routing table from the CLI?

Category: High End Firewalls

Answers

  • dihegov Newbie ✭

    No response? Please, your thoughts are valuable here!

    The PDF documentation doesn't talk about any of this topic.

  • TKWITS Community Legend ✭✭✭✭✭

    You're throwing words around and it's very confusing. How is the WAN configured on the SonicWall (static IP)? Do you control the other end of the VPN tunnel? What is your end goal? It sounds like you want to apply NAT to VPN tunnel traffic, but again your post is very confusing.

  • dihegov Newbie ✭
    edited 12:07AM

    My apologies for the confusion, but I wanted to provide as much data as possible.


    WAN link is statically configured with a /28. Default route to the ISP provider.

    The other side of the tunnel is AWS. As far as control? Protocols and IPsec proposals as well as BGP configurations. Please note that all three are up: IPsec, GRE and BGP peerings. It is just routing through the firewall that is not working; something with the NAT policy is not right. If I ping from the firewall to an end host sourcing the outside interface of the firewall, since it is the same IP as the source translate IP in the NAT config, it works. So routing is working, but not if I ping from the LAN.

    The end goal is to route traffic from the LAN behind the SonicWall to AWS hosts, traversing the SonicWall and routing through the GRE tunnels. NAT should be configured as one of the IPs in the /28, preferably the outside interface IP.
