
VPN connection with Destination NAT not working

Question asked by Michael Horne on May 7, 2018
Latest reply on Jun 6, 2018 by Günther W. Albrecht

Hello,

I am having trouble getting a destination NAT working for a VPN connection. I am sure it is a simple issue, but I have been banging my head against the wall with it for a couple of days.

 

I have a domain based VPN for a site to site VPN. The VPN domain is configured and working, as I can bring up the VPN for some other connections that are not using destination NAT. The Interoperable Device is configured with a VPN Domain that includes the "real" and "NAT IP":

Remote            Local
192.168.2.10/32   10.0.0.0/8
10.191.34.10/32   10.0.0.0/8

 

The Access Policy is configured for testing to match HTTP traffic from a host with the VPN configured:

The NAT Policy is configured for a destination NAT from NAT_Server (192.168.2.10) to the H_Server (10.191.34.10).

My understanding is that this should map the NAT_Server (192.168.2.10) to the H_Server (10.191.34.10). This does appear to work as I see with "fw monitor" the traffic arriving on the firewall on the expected eth1 and trying to leave on the expected eth3:

The problem is that the packet stops on the outbound chain "o". In the log files I see the message about encryption failure: Different community ID, possible NAT problem (VPN Error code 01)

 

If someone is able to guide me in the right direction to solve this, it would be much appreciated.

 

Many thanks,
