the_rock
MVP Diamond

Hey Roman,

Technically, decryption will happen first, then NAT. Make sure to enable NAT inside the VPN community if it's needed. The rule itself may look like the one below:

Original packet:

  • Src: Remote network (or “Any” if you prefer)

  • Dst: NAT IP (the external-looking IP you want the remote side to hit)

  • Port: 443 (or any port)

Translated:

  • Translated Source: Original

  • Translated Destination: Real internal server IP

  • Translated Service: original (or mapped to 443 if different)

Example:

| Original Src | Original Dst | Service | Xlated Src | Xlated Dst | Xlated Svc |
|---|---|---|---|---|---|
| Remote LAN | 10.10.10.10 (NAT IP) | 443 | Original | 192.168.50.20 (Real server) | 443 |

Best,
Andy
"Have a great day and if it's not, change it"
