
VPN connection with Destination NAT not working

Hello,

I am having trouble getting a destination NAT working for a VPN connection.  I am sure it is a simple issue, but I have been banging my head against the wall with it for a couple of days.

I have a domain based VPN for a site to site VPN. The VPN domain is configured and working, as I can bring up the VPN for some other connections that are not using destination NAT. The Interoperable Device is configured with a VPN Domain that includes the "real" and "NAT IP":

Remote             Local
192.168.2.10/32    10.0.0.0/8
10.191.34.10/32    10.0.0.0/8

The Access Policy is configured for testing to match HTTP traffic from a host with the VPN configured:

The NAT Policy is configured for a destination NAT from NAT_Server (192.168.2.10) to the H_Server (10.191.34.10).

My understanding is that this should map the NAT_Server (192.168.2.10) to the H_Server (10.191.34.10).  This does appear to work as I see with "fw monitor" the traffic arriving on the firewall on the expected eth1 and trying to leave on the expected eth3:

The problem is that the packet stops on the outbound chain "o".  In the log files I see the message about encryption failure: Different community ID, possible NAT problem (VPN Error code 01)

If someone is able to guide me in the right direction to solve this, it would be much appreciated.

Many thanks,

6 Replies

Re: VPN connection with Destination NAT not working

0 Kudos

Re: VPN connection with Destination NAT not working

Hello,

I have been through many SKs, recently, but I will check them out.  I believe I have not looked at sk108600 yet.

0 Kudos

Re: VPN connection with Destination NAT not working

sk108600 is very helpful for VPN with 3rd Party GWs.

0 Kudos

Re: VPN connection with Destination NAT not working

Were you able to resolve the issue yet?

0 Kudos

Re: VPN connection with Destination NAT not working

Hi,  I checked with support and Domain based VPN does not work when the encryption domains overlap.

Re: VPN connection with Destination NAT not working

That is certainly true 😉
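
A check for the overlap condition support describes, run against the encryption domains listed in the original post. This is an added example, not code from any poster or from Check Point; the function names `parse_domain` and `find_overlaps` are hypothetical, and it assumes IPv4 CIDR input only.

```python
import ipaddress

def parse_domain(cidrs):
    """Parse CIDR strings into a collapsed list of IPv4 networks."""
    nets = [ipaddress.ip_network(c, strict=False) for c in cidrs]
    return list(ipaddress.collapse_addresses(nets))

def find_overlaps(local_cidrs, remote_cidrs):
    """Return (local, remote, relation) for each overlapping pair of networks."""
    findings = []
    for loc in parse_domain(local_cidrs):
        for rem in parse_domain(remote_cidrs):
            if not loc.overlaps(rem):
                continue
            # CIDR blocks never partially overlap: one contains the other.
            if loc == rem:
                relation = "identical"
            elif rem.subnet_of(loc):
                relation = "remote inside local"
            else:
                relation = "local inside remote"
            findings.append((str(loc), str(rem), relation))
    return findings

# Encryption domains as listed in the original post.
LOCAL_DOMAIN = ["10.0.0.0/8"]
REMOTE_DOMAIN = ["192.168.2.10/32", "10.191.34.10/32"]

if __name__ == "__main__":
    for loc, rem, relation in find_overlaps(LOCAL_DOMAIN, REMOTE_DOMAIN):
        print(f"overlap: local {loc} / remote {rem} ({relation})")
```

With the posted values, the remote entry 10.191.34.10/32 is reported as lying inside the local 10.0.0.0/8 domain, while 192.168.2.10/32 is not.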