NAT a 3rd Party Subnet
Hi, it's a long time since I last used WatchGuard but we have purchased a small firebox to meet a specific requirement we have.
We have a CCTV subnet that will be accessed from a 3rd party site and devices on our subnet will also send to the remote 3rd party subnet. However, the 3rd party subnet (192.168.1.0/24) clashes with one of ours, so the question is how do I NAT the 3rd party subnet in the BOVPN so that we rx traffic from say 10.224.1.0/24 and send to the same?
Answers
I don't think you can, I may be wrong
@alankevinr1946 Really? Well that causes a huge problem then.
How do other people provide S2S VPNs to 3rd parties if the 3rd party subnet clashes with one of yours?
Review this:
Configure 1-to-1 NAT Through a Branch Office VPN Tunnel
https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/bovpn/manual/bovpn_use_1to1_nat_c.html
@Bruce_Briggs Thanks Bruce.
It's the private subnet at the remote 3rd party end that clashes with one of our internal subnets rather than the other way round.
I'm pretty sure there will be a way of doing it, it's just not too clear from reading the documentation. I think I will wait until we receive the Firebox and then I can test it with a firewall I have at home.
What needs clarification?
Can I NAT the 3rd party's src subnet (the subnet our end is unique)?
Yes.
You use 1-to-1 NAT on the BOVPN setup when there is the same subnet at each end of a BOVPN.
To allow access, one uses the NATed IP addrs, not the real IP addrs.
One needs to set up the 1-to-1 NAT at each end of the BOVPN.
See the "Example" section in the above link.
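
Added illustration, not part of the thread and not Firebox configuration: this Python example works through the address arithmetic behind the 1-to-1 NAT described above, using the thread's 192.168.1.0/24 and 10.224.1.0/24. The function names and the local subnet list (apart from the clashing 192.168.1.0/24) are constructed for the example.

```python
import ipaddress

# Constructed inventory of our internal subnets; only 192.168.1.0/24 is from the thread.
LOCAL_SUBNETS = ["192.168.1.0/24", "172.16.50.0/24", "10.10.0.0/16"]
REMOTE_REAL = "192.168.1.0/24"   # 3rd party's real subnet (from the thread)
REMOTE_NAT = "10.224.1.0/24"     # range we want to see it as (from the thread)


def clashes(candidate, subnets):
    """Return the subnets in `subnets` that overlap `candidate`."""
    cand = ipaddress.ip_network(candidate)
    return [s for s in subnets if ipaddress.ip_network(s).overlaps(cand)]


def one_to_one(addr, from_net, to_net):
    """Map addr in from_net to the host with the same offset in to_net."""
    src = ipaddress.ip_network(from_net)
    dst = ipaddress.ip_network(to_net)
    if src.prefixlen != dst.prefixlen:
        raise ValueError("1-to-1 NAT needs ranges of equal size")
    ip = ipaddress.ip_address(addr)
    if ip not in src:
        raise ValueError(f"{ip} is outside {src}")
    offset = int(ip) - int(src.network_address)
    return str(dst.network_address + offset)


def check_plan(remote_real, remote_nat, local_subnets):
    """List the problems with a proposed NAT range; an empty list means usable."""
    problems = []
    if not clashes(remote_real, local_subnets):
        problems.append("no clash: NAT is not needed")
    for s in clashes(remote_nat, local_subnets):
        problems.append(f"NAT range overlaps local subnet {s}")
    if ipaddress.ip_network(remote_nat).overlaps(ipaddress.ip_network(remote_real)):
        problems.append("NAT range overlaps the real remote subnet")
    return problems


if __name__ == "__main__":
    print("clash with:", clashes(REMOTE_REAL, LOCAL_SUBNETS))
    print("plan problems:", check_plan(REMOTE_REAL, REMOTE_NAT, LOCAL_SUBNETS))
    # Policies and hosts on our side address the remote device by its NATed IP.
    print("remote .50 seen as:", one_to_one("192.168.1.50", REMOTE_REAL, REMOTE_NAT))
    # Translation back to the real address for delivery at the remote end.
    print("10.224.1.50 delivered to:", one_to_one("10.224.1.50", REMOTE_NAT, REMOTE_REAL))
```

Firewall policies for the tunnel would then be written against the NATed range, so a rule scoped to 10.224.1.0/24 cannot be matched by hosts on the local 192.168.1.0/24.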