Baasanjargal_Ts
Advisor

Can't access static NATTed server behind remote peer network

Hello mates.

There is an IPsec VPN tunnel between two Check Points. The branch has two networks, for staff and guests. The staff network 192.168.1.0/24 is in the VPN domain and the guest network 192.168.2.0/24 is not added to the VPN domain. The web server is behind the headquarters firewall and is static NATted. We can access that server from anywhere on the internet but just can't access it from the branch guest network. How can we access that static NATted web server from the guest network?


0 Kudos
1 Reply
PhoneBoy
Admin

What log messages show on one or both ends when this happens?
Even if the guest network isn’t in the encryption domain, the NAT address for the guest network probably is in the encryption domain (implicitly).

My guess is the guest network also needs to be in the encryption domain to fix this.
You should be able to prevent the guest network from accessing other things using access rules.

0 Kudos