  1. #1
    Master Untangler dmor's Avatar
    Join Date
    Jun 2009
    Posts
    687

    Site-to-Site tunnel traffic being NAT'd

    I'm seeing remote clients on the far-end of an IPSec tunnel appear to my PC as coming from my LAN IP of our Untangle NG (i.e. the LAN IP that is also the default gateway of my PC).

    However, when I look at the sessions on the NG itself, it correctly shows the endpoint IPs on either end of the session.

    Is there a way that I can stop the remote source IPs from being NAT'd by my LAN when they come across the tunnel?

    Here's an example of what I see on my PC's netstat:

    Code:
      TCP    192.168.131.204:445    192.168.131.2:51594    ESTABLISHED     4
      TCP    192.168.131.204:445    192.168.131.2:53939    ESTABLISHED     4
    Here's a screenshot of the sessions shown on Untangle:
    NG Sessions.png

  2. #2
    Untangle Junkie dmorris's Avatar
    Join Date
    Nov 2006
    Location
    San Carlos, CA
    Posts
    17,486

    Are you talking about IPsec? Just check to make sure your NAT rules are correct and don't overmatch.
    Nothing NATs IPsec traffic by default.

    You can see what Untangle natted a session to by clicking the dropdown on one of the columns and displaying the "Client (Post-NAT)" column in the session viewer. Your screenshot has that column hidden, but if you add it you'll be able to more easily see what's going on.
    Attention: Support and help on the Untangle Forums is provided by volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  3. #3
    Master Untangler dmor's Avatar
    Join Date
    Jun 2009
    Posts
    687

    Quote (originally posted by dmorris): "Are you talking about IPsec?"
    Yes, an IPSec site-to-site tunnel.

  4. #4
    Master Untangler dmor's Avatar
    Join Date
    Jun 2009
    Posts
    687

    Just found this NAT rule was enabled. IDK yet if that is causing it.

    big-nat-rule-enabled.png

  5. #5
    Untangle Junkie dmorris's Avatar
    Join Date
    Nov 2006
    Location
    San Carlos, CA
    Posts
    17,486

    A rule that is configured to NAT all sessions will definitely NAT all sessions.

    According to the screenshot it is not enabled though...

  6. #6
    Master Untangler dmor's Avatar
    Join Date
    Jun 2009
    Posts
    687

    Ha ha. That was it. Fixed! I don't know how that rule got in there... Thanks so much!!
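
Added example (not part of the thread and not Untangle code): a check for the symptom from the first post, run over `netstat -ano` output on the PC, that flags inbound service sessions whose peer address is the default gateway itself. The gateway address 192.168.131.2 is inferred from the first post, the third sample line is constructed, and the function names are hypothetical.

```python
import ipaddress
import re
from collections import defaultdict

# Assumption: 192.168.131.2 is the Untangle LAN address / default gateway,
# as the first post implies. Adjust for your own network.
GATEWAY = ipaddress.ip_address("192.168.131.2")
SERVICE_PORTS = {445}  # local ports treated as inbound services (SMB here)

# First two lines are from the thread; the third is constructed for contrast.
SAMPLE_NETSTAT = """\
  TCP    192.168.131.204:445    192.168.131.2:51594    ESTABLISHED     4
  TCP    192.168.131.204:445    192.168.131.2:53939    ESTABLISHED     4
  TCP    192.168.131.204:445    192.168.131.57:49822   ESTABLISHED     4
"""

LINE = re.compile(
    r"^\s*TCP\s+(?P<laddr>[\d.]+):(?P<lport>\d+)\s+"
    r"(?P<raddr>[\d.]+):(?P<rport>\d+)\s+(?P<state>\S+)\s+(?P<pid>\d+)\s*$"
)

def inbound_peers(netstat_text, service_ports=SERVICE_PORTS):
    """Map remote address -> sorted remote ports for established inbound sessions."""
    peers = defaultdict(set)
    for line in netstat_text.splitlines():
        m = LINE.match(line)
        if not m or m["state"] != "ESTABLISHED":
            continue  # skips headers, UDP, IPv6 and non-established rows
        if int(m["lport"]) in service_ports:
            peers[ipaddress.ip_address(m["raddr"])].add(int(m["rport"]))
    return {addr: sorted(ports) for addr, ports in peers.items()}

def nat_suspects(netstat_text, gateway=GATEWAY):
    """Return inbound sessions whose peer is the gateway itself.

    A router normally forwards packets with the source address intact, so
    inbound service sessions 'from' the gateway suggest it is source-NATing
    forwarded traffic (here, clients on the far side of the tunnel).
    """
    return {a: p for a, p in inbound_peers(netstat_text).items() if a == gateway}

if __name__ == "__main__":
    for addr, ports in nat_suspects(SAMPLE_NETSTAT).items():
        print(f"{addr} appears as client on ports {ports}: check NAT rules")
```

A hit only points at the gateway; which rule rewrote the source is confirmed on the firewall, for example with the "Client (Post-NAT)" column mentioned in post #2.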
