Christian_Dave_
Participant

NAT is not working via VPN

I have a site-to-site VPN connection. The source address is not translating going to the destination. There's no tunnel established. I have a TAC already working but also can't resolve the issue. We have done multiple debugs but can't find relevant information. Also from the "fw monitor" we can see the traffic but it's not translating. What else do we need to check? Appreciate your help guys.

8 Replies
Christian_Dave_
Participant

The VPN community is properly configured as per the client peer requirement. We have properly configured as well the VPN domain in the topology of both gateways.

The rule is (Source: Original Source IP; Destination: Destination IP; Port: https, http)

For the NAT rule: The source should translate to another public IP going to the original destination.

0 Kudos
PhoneBoy
Admin

Most obvious thing that comes to mind is the NAT setting in the community:

0 Kudos
Christian_Dave_
Participant

Hi Dameon,

Appreciated your response. I have checked that before already. Actually I have a TAC engaged already but still without success. We have tried to do a packet capture and still the source private IP is not translating to a public IP going to the destination. When we removed the VPN community on the rule, the source IP is translating.

What other things do we need to check? Any idea?

0 Kudos
PhoneBoy
Admin

Can you send me the TAC SR in question (perhaps in a PM)?

0 Kudos
Christian_Dave_
Participant

Hi Dameon,

Appreciated your help. We reconfigured the VPN community and encryption domain. Now we are able to see the tunnel and able to see encrypted packets on the log.

0 Kudos
PhoneBoy
Admin

Glad you got it sorted out.

0 Kudos
Christian_Dave_
Participant

Thank you Dameon. We figured out that the destination IP was included in our encryption domain. That's why the source IP is not translating.

0 Kudos
wsusetio
Explorer

Hi, I have the same issue. Tried to access the system that is on VPN but the source is not part of the encryption domain. I NATed the source to an IP that is part of the encryption domain. But it is not translating.

0 Kudos
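
An added example, not part of any post in this thread and not Check Point code: an offline sanity check for the cause reported above, a destination IP that sits inside the local encryption domain. The function names, finding labels and all addresses are constructed for illustration, the domains are typed in by hand rather than read from a gateway, and which findings matter on a given deployment is an assumption to confirm against its own configuration.

```python
import ipaddress

def in_domain(ip, domain):
    """True if ip falls inside any network of an encryption domain."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(net) for net in domain)

def overlaps(local_domain, peer_domain):
    """Network pairs that appear, fully or partly, in both domains."""
    return [(l, p) for l in local_domain for p in peer_domain
            if ipaddress.ip_network(l).overlaps(ipaddress.ip_network(p))]

def audit_flow(local_domain, peer_domain, nat_src, dst):
    """Return findings for one NATed flow that should enter the tunnel."""
    findings = []
    if in_domain(dst, local_domain):
        # The cause reported in this thread.
        findings.append("DST_IN_LOCAL_DOMAIN")
    if not in_domain(dst, peer_domain):
        findings.append("DST_NOT_IN_PEER_DOMAIN")
    if not in_domain(nat_src, local_domain):
        # The last post's setup has the translated source inside the domain.
        findings.append("NAT_SRC_NOT_IN_LOCAL_DOMAIN")
    findings += [f"OVERLAP {l} {p}" for l, p in overlaps(local_domain, peer_domain)]
    return findings

# Constructed sample data (documentation address ranges), not from the thread.
PEER_DOMAIN = ["198.51.100.0/24"]
BROKEN_LOCAL = ["10.10.0.0/16", "203.0.113.0/24", "198.51.100.0/24"]
FIXED_LOCAL = ["10.10.0.0/16", "203.0.113.0/24"]
NAT_SRC, DST = "203.0.113.10", "198.51.100.25"

if __name__ == "__main__":
    for name, local in (("broken", BROKEN_LOCAL), ("fixed", FIXED_LOCAL)):
        print(name, audit_flow(local, PEER_DOMAIN, NAT_SRC, DST) or "no findings")
```
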
