Traffic routed between PepVPN and IPSEC is being NATed

ghck17 · August 3, 2018, 12:19pm

Per the simplified diagram below, I have a FusionHub instance deployed in Azure, a Balance 210, and a Juniper SSG20. I have established a PEPVPN between the 210 and the FusionHub (star via incontrol), with all traffic from the 210 going thru the FH. I also have an IPSEC VPN established between the FH and the SSG20. Both VPNs are up and passing traffic from the endpoints to the FH. I can ping from the 210 LAN network to the SSG 20 LAN network, but not in the opposite direction. It appears the FusionHub is NATing between the PEPVPN and the IPSEC VPN. On the SSG20, the source of the successful pings is showing as 10.10.10.4, not 192.168.100.x as I would expect. Is there a way to stop the NATing?

Also, what is the best way to configure routes on the Peplinks so the 210 LAN network can reach the MPLS cloud via the SSG20?

Thank you.

Zach_Tangen · August 3, 2018, 1:44pm

In the PepVPN profile you can turn NAT Mode off by unchecking the tick box.

JamesPep · August 5, 2018, 6:48pm

Odd, as you’re defining your PepVPN connection via InControl.

The default configuration during PepVPN setup is with NAT disabled. Could you please re-check your config?

If your config is correct and you’re still seeing NAT behaviour out of your fusionhub, please open a support ticket.

ghck17 · August 6, 2018, 5:10am

NAT is not enabled in the config. I will open a support ticket. Thank you.

Don_Ferrario · August 6, 2018, 4:14pm

Might the NAT be happening on the IPsec VPN instead of the PepVPN?

ghck17 · August 8, 2018, 10:24am

I don’t think so. I created a VPN gateway in Azure and created a tunnel back to the SSG20. I am getting the same result. It appears to be NATed when egressing the PepVPN.