Access Webserver from external through bovpn
Hello,
I have two sites, A and B. Both are connected via a BOVPN tunnel.
Site A has local network 192.168.1.0/24
Site B has local network 192.168.2.0/24
We have fixed external public IPs on both sites.
All servers are hosted on Site A, but we need to access the web server (192.168.1.10) over the public IP of Site B.
How can I solve this to reach the web server on Site A over the public IP of Site B?
Public IP Site A = 197.23.55.21
Public IP Site B = 80.77.66.11
On Site B the incoming NAT for 192.168.1.10 does not work.
I think I have to do NAT over the BOVPN Tunnel.
Thanks and kind regards
Comments
Hi MBlock,
Thanks for writing.
You'll need to create a VPN tunnel from the Public IP to the Private IP of the server
In VPN -> Branch Office Tunnels, for that tunnel, you'll need to create a route that looks like this:
80.77.66.11 <--> 192.168.1.10
On the other firewall, it'll need to be flipped.
(Bruce's method below will also work)
-James Carson
WatchGuard Customer Support
Or:
For a normal (non-zero route) BOVPN you need an entry on the incoming HTTP/HTTPS policy with a "Set source IP" entry to make the reply packet from the branch B device go back over the BOVPN, not out the branch B Internet connection.
On the SNAT used for your incoming HTTP/HTTPS policy, select "Set source IP" and enter a value (discussed below).
If the BOVPN Tunnel Local setting is the trusted subnet, set the "Set source IP" value to the IP addr of the trusted interface.
(Actually it can be any IP addr from the trusted subnet, but using the trusted interface IP addr seems more logical to me.)
Now when the packet goes down the BOVPN, the source IP addr of the packet will be something from the main office (the trusted interface IP addr), and thus the reply packet will be routed back over the BOVPN to the main office firewall, where it will then be Dynamic NATed and routed back to the session initiator.
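Added example, not part of any post in this thread: a simplified Python model of the reply path described above, showing why the web server's reply only returns over the BOVPN when "Set source IP" is used. The Site B trusted interface address 192.168.2.1 and the client address 203.0.113.50 are assumptions, and the model is not WatchGuard code.

```python
import ipaddress

# Addresses from the thread.
WEB_SERVER = "192.168.1.10"
SITE_A_NET = ipaddress.ip_network("192.168.1.0/24")
SITE_B_NET = ipaddress.ip_network("192.168.2.0/24")
SITE_A_PUBLIC = "197.23.55.21"
SITE_B_PUBLIC = "80.77.66.11"
# Assumptions, not from the thread: Site B trusted interface and a test client.
SITE_B_TRUSTED_IF = "192.168.2.1"
CLIENT = "203.0.113.50"


def matches_tunnel(src, dst, local_net, remote_net):
    """True if src/dst fall inside the tunnel's local <-> remote route."""
    return (ipaddress.ip_address(src) in local_net
            and ipaddress.ip_address(dst) in remote_net)


def trace(client_ip, set_source_ip=None):
    """Follow one inbound HTTP request to Site B's public IP and its reply."""
    # Site B: SNAT sends the request to the web server; "Set source IP"
    # (when configured) also rewrites the source address.
    server_sees = set_source_ip or client_ip
    # Site A: the reply to server_sees uses the BOVPN only if it matches the
    # tunnel route 192.168.1.0/24 <-> 192.168.2.0/24.
    via_tunnel = matches_tunnel(WEB_SERVER, server_sees, SITE_A_NET, SITE_B_NET)
    # Model assumption: a reply that misses the tunnel leaves through Site A's
    # own Internet link, dynamically NATed to Site A's public IP.
    reply_from = SITE_B_PUBLIC if via_tunnel else SITE_A_PUBLIC
    return {
        "server_sees": server_sees,
        "reply_egress": "bovpn" if via_tunnel else "site-a-internet",
        "client_sees_reply_from": reply_from,
        # The client opened the session to Site B's public IP, so only a
        # reply from that address belongs to its connection.
        "session_ok": reply_from == SITE_B_PUBLIC,
    }


if __name__ == "__main__":
    for label, src in (("no Set source IP", None),
                       ("Set source IP", SITE_B_TRUSTED_IF)):
        print(label, trace(CLIENT, src))
```

The `server_sees` field also shows the logging side effect: with "Set source IP" the web server records the firewall's address for every external request, so the original client IP has to be taken from the Site B firewall logs.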
You're so great. I'll try it later. Thanks very much.