So, I have an established IPSec Site to Site tunnel.
Site A has a SonicWall, Site B has a EdgeRouter.
The first tunnel consists of Site A's NATed ips to Site B's NATed ips.
Everything works as expected.
Next, I have a public IP range that Site B needs to access, but, requests need to look like they have come from Site A. When I set up this tunnel, I can just see traffic drop at the gateway.
I can't access any of these ips. Due to the fact that it works fine in the same config for lan to lan, I believe it could be a NAT issue – but I am not certain, nor know how to diagnose further.
This could be a red herring as I wasn't very confident… I have tried putting in "allow all" rules on VPN>WAN/WAN>VPN, then filter to an individual IP, then ping it from site B… I see dropped packets.
Can anyone offer any advice here?
Best Answer
If I understand your question, you are trying to do this:
Server A - Router A - VPN - Router B - Site BYou need Site B to be able to access Server A (which is a public IP) over the VPN, but you need the source address to look like it is coming from Site A?
You'll need to specify traffic going to Server A to go over the VPN on Router B. On Router A, you'll need to specify the return traffic to go over the VPN. Next, on Router A, you'll need to configure the NAT rule, to change the SRC IP of the traffic coming from Site B and going to Server A to an IP address that Server A will accept.