06-05-2012 10:48 PM
Hello PAN.
Trying to figure out why my connection on the VPN client was behaving a bit sporadic I noticed that *some* of the traffic send to the firewall from my GPA was using source IP = my client public IP, rather than my client private IP.
So. Some traffic is send with source IP = public IP, some traffic is being send with source IP = vpn IP.
VPN client i is tunnel mode, where only traffic to internal systems are being send to the firewall.
How can we make sure that tunnel traffic is only using source IP = vpn IP (so that it doesn't get dropped on the firewall) ?
Thanks
Jørgen
06-06-2012 12:34 PM
Hi...The remote client should be NAT'ed to one of the IPs in the VPN's ip pool if the traffic is going thru the VPN tunnel. The VPN tunnel should be on a different zone than the public external zone. Please take a look at the traffic log and check the src zone.
If you still need help, please open a case with Support. Thanks.
06-06-2012 12:49 PM
Yes - it *should* NAT with the VPN IP. But if I log dropped traffic on the firewall I see:
Inbound interface = VPN Tunnel interface
Source zone = our VPN zone
Source IP = my public IP
Destination zone = our internal zone (any of them 🙂 )
Destination IP = internal IP
So it is certainly not NAT'ing *all* the traffic. It's a bit of both - which of course cannot be good for performence.
Br
Jørgen
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
