ER605 source NAT on IPsec
Hello,
I'd like to use an ER605 in a remote site to terminate a site-2-site IPsec VPN.
Is it possible to install an ER605 in a one-leg configuration and to do source IP NAT on the internal network IP address?
Explaining better:
- I already have a firewall on site A (static public IP on the firewall)
- I already have a consumer router on site B (static public IP, internal IP 192.168.123.1/24 and NAT to allow internal network 192.168.123.0/24 to reach the internet)
- I'd like to install the ER605 inside the network on site B with IP address 192.168.123.2 and gw 192.168.123.1, and IP forwarding on the router to forward IPsec (udp/500, esp and ah) from the public IP to the internal IP of the ER605
- I need a site-2-site IPsec from the firewall on site A to the ER605 on site B
- I want the ER605 to do source NAT (on IP 192.168.123.2) for packets arriving from the IPsec and destined for hosts on the 192.168.123.0/24 network
I think all is ok, but I don't know if the ER605 is able to do the source NAT (as I don't want to change the default gw of the hosts on the 192.168.123.0/24 network that I need to contact from the IPsec) on the same interface where the IPsec came in.
Thanks