AnsweredAssumed Answered

VPN and three sites

Question asked by Teddy Brewski on Oct 24, 2018
Latest reply on Oct 24, 2018 by Maarten Sjouw

Hello

 

Three sites (1, 2, 3) all running R77.30.

 

Site2 acts a VPN hub, with both Site1 and Site3 having tunnels (to center only) established to Site2.

 

Encryption domains:

 

Site1: 1.1.1.1
Site2: 2.2.2.2
Site3: 3.3.3.3

 

We're trying to access Site3 from Site1 with the NAT rule on Site2:

 

Original Source: 1.1.1.1
Original Destination: 2.2.2.2
Translated Source: 2.2.2.2 (Hide)
Translation Destination: 3.3.3.3 (Hide)

 

Is this the right way to do it?

 

The NAT rule works. We see traffic encrypted from 1.1.1.1 to 2.2.2.2, but from 2.2.2.2 to 3.3.3.3, according to the tracker, it's sent in a clear text (just says Accept), although the rule number is correct and it's set to encrypt anything from 2.2.2.2 to 3.3.3.3 using Site2-to-Site3 VPN community.

 

Thank you.

Outcomes