Options

VPN NAT / Connnection needs to be seen as local connection

SvenSven
edited October 2023 in Firebox - VPN Mobile User

I am having the following challenge. I need to access a device on my company LAN via VPN - the device only accepts connections from the company LAN's IP range ( 192.168.2.x ). I am currently using a virtual IP pool on the mobile VPN connection and therefore I am unable to establish a connection. What is the best solution here - can I use a range of the companies LAN IP also in the virtual pool, lets say I exclude 10 addresses from companies DHCP and use those 10 addresses in the virtual pool? Or does this create other issues? Any other solutions like NAT etc...? Many thanks for your help. Sven

Answers

  • Options
    Bruce_BriggsBruce_Briggs
    What mobile VPN type is this?

    You can have a policy From: the appropriate VPN group or user To: the device IP addr.
    On the Advanced tab of the policy, NAT section, set the IP addr to use as the firewall interface IP addr on 2. x
  • Options
    james.carsonjames.carson Moderator, WatchGuard Representative

    Hi @Sven

    The only VPN that will be able to handle this is SSLVPN. You'll need to set SSLVPN to bridged mode, and you'll need a bridge interface to connect it to.

    -The existing 192.168.2.x network will need to be changed to a bridge interface.
    -Once the bridge interface is available, you can change the SSLVPN to bridge mode, and specify an IP range inside of that network for SSLVPN.

    Please note that if this application isn't sending traffic to the default gateway (the firebox) properly, or if it's trying to communicate via network broadcast traffic, trying to match the subnet on the SSLVPN won't work.

    Also note: If you're using anything other than the WatchGuard SSLVPN client to connect it will likely not work, as OpenVPN does not support bridged mode connections.

    -James Carson
    WatchGuard Customer Support

Sign In to comment.