SSG5 + IPsec + NAT



  • Hello all!
    I'm zbig, and I'm new to this forum as well as to Juniper devices. I spent many hours on one silly problem I'd solve in a second on a C…. device:
    I have a VPN concentrator and an SSG5 as a branch office device. I established an IPsec tunnel between them and I can successfully pass traffic through it, BUT:
    I have to hide all machines connected to the SSG5 behind one IP different from the egress interface IP. Let's say in the trust zone I have the 192.168.1.0/24 network and I want to source-NAT this to the single 1.1.1.1 address and pass it through the IPsec tunnel.
    I can't do this; I tried but I can't. I know it's something with DIPs, but I tried many different configurations with no success. If NAT is disabled the traffic goes through. When I enable NAT in the policy, nothing works. I can't even see any hits in this policy anymore (logging is enabled).
    PS. I'm pretty sure IPsec is configured properly.

    Do you have any clue for me?
    Please help!



  • Hi. I solved the problem. I’ve bound a DIP to the wrong interface - Ethernet0/0 instead of tunnel.1. Silly me 🙂


 
