Site-to-Site tunnel traffic being NAT'd

[dmor]

I'm seeing remote clients on the far-end of an IPSec tunnel appear to my PC as coming from my LAN IP of our Untangle NG (i.e. the LAN IP that is also the default gateway of my PC).

However, when I look at the sessions on the NG itself, it correctly shows the endpoint IPs on either end of the session.

Is there a way that I can stop the remote source IPs from being NAT'd by my LAN when they come across the tunnel?

Here's an example of what I see on my PC's netstat:

Code:

  TCP    192.168.131.204:445    192.168.131.2:51594    ESTABLISHED     4
  TCP    192.168.131.204:445    192.168.131.2:53939    ESTABLISHED     4

Here's a screenshot of the sessions shown on Untangle:
NG Sessions.png

[dmorris]

Are you talking about IPsec? Just check to make sure your NAT rules are correct and don't overmatch.
Nothing NATs IPsec traffic by default.

You can see what Untangle natted a session to by clicking the dropdown on one of the columns and displaying the "Client (Post-NAT)" column in the session viewer. Your screenshot has that column hidden, but if you add it you'll be able to more easily see whats going on.

[dmor]

Are you talking about IPsec?

Yes an IPSec site to site tunnel.

[dmor]

Just found this NAT rule was enabled. IDK yet if that is causing it.

big-nat-rule-enabled.png

[dmorris]

A rule that is configured to NAT all sessions will definitely NAT all sessions.

according to screenshot it is not enabled though...

[dmor]

Ha ha. That was it. Fixed! I don't know how that rule got in there... Thanks so much!!