Question regarding source NAT in S2S VPN


Hi All,

 

I need to create an S2S tunnel to a customer. We need to reach 1 server on their side (e.g. 192.168.100.1). The connection is needed from multiple hosts from 2 different subnets on our side (10.0.112.0/21 and 172.18.2.0/24). The customer does not want to allow both subnets; instead, they want to allow only 1 IP.

Now my question is: Is it possible to create a NAT rule to do source NAT (Source Zone LAN, Source Addresses 10.0.150.0/24 and 172.18.2.0/24 --> Destination Zone VPN, Destination Address 192.168.100.1 --> Source Translation Dynamic IP and Port with IP e.g. 172.16.1.1)? With that setup the customer only needs to allow the IP 172.16.1.1 inside the tunnel.

In my understanding this should work since it's the same scenario as when multiple hosts are going to the Internet with the same public IP, correct?

Thank you all!

1 REPLY


Hi @shaq4242 ,

 

That is correct.  You could even skip the source subnets if you want.

 

Thanks,

 

Tom

Help the community: Like helpful comments and mark solutions.
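
The many-to-one translation discussed in this thread, as an added example that is not part of either post and is not PAN-OS code: a small Python model of a "Dynamic IP and Port" source-NAT rule using the addresses from the question (10.0.150.0/24 and 172.18.2.0/24 translated to 172.16.1.1 towards 192.168.100.1). The class name `DippRule`, the starting port 1024 and the sample flows are assumptions made for the illustration.

```python
import ipaddress
from itertools import count

class DippRule:
    """Toy model of one 'Dynamic IP and Port' source-NAT rule (not PAN-OS code)."""

    def __init__(self, translated_ip, dst, sources=None, first_port=1024):
        self.translated_ip = translated_ip
        self.dst = ipaddress.ip_address(dst)
        # sources=None models the rule with the source subnets left out (any source).
        self.sources = None if sources is None else [ipaddress.ip_network(s) for s in sources]
        self._ports = count(first_port)
        self.out = {}    # (src, sport, dst, dport) -> translated source port
        self.back = {}   # translated source port -> (src, sport)

    def matches(self, src, dst):
        if ipaddress.ip_address(dst) != self.dst:
            return False
        addr = ipaddress.ip_address(src)
        return self.sources is None or any(addr in net for net in self.sources)

    def translate(self, src, sport, dst, dport):
        """Return the (source IP, source port) the remote peer sees."""
        if not self.matches(src, dst):
            return src, sport                  # rule not hit: real source is kept
        key = (src, sport, dst, dport)
        if key not in self.out:
            port = next(self._ports)
            if port > 65535:
                raise RuntimeError("translated address has no free source ports")
            self.out[key] = port
            self.back[port] = (src, sport)
        return self.translated_ip, self.out[key]

    def reverse(self, translated_port):
        """Map a reply sent to translated_ip:translated_port back to the real host."""
        return self.back.get(translated_port)

def demo():
    # Constructed flows: hosts in both subnets, all using the same local source port.
    rule = DippRule("172.16.1.1", "192.168.100.1", ["10.0.150.0/24", "172.18.2.0/24"])
    flows = [("10.0.150.20", 50000), ("172.18.2.7", 50000), ("10.0.150.21", 50000)]
    return rule, [rule.translate(s, p, "192.168.100.1", 443) for s, p in flows]

if __name__ == "__main__":
    rule, seen = demo()
    for src, port in seen:
        print(f"customer sees {src}:{port} -> real host {rule.reverse(port)}")
```

Every matching flow leaves with source 172.16.1.1 and a distinct source port, so the remote side needs to allow only that one address, while a host outside the listed subnets keeps its real source unless the rule is built with no source restriction.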