Re: How to do PAT over IPSec VPN RV340W

teofilo · ‎09-05-2024

Hi guys, hope you are all well.

I have an issue that I am trying to connect my RV340W VPN router to another network by masking my local network 192.168.4.0 as 172.16.204.0 so my remote network can accept my traffic.
Basically I need to do NAT over VPN to send and receive my local network as another network.

I already setup the VPN connection adding my source network as 172.16.204.0/24 which is my PAT network and the VPN connected however I can't send any traffic between my local network (192.168.4.0) and my remote network because I don't know where to add the local network to nat network conversion to 172.16.204.0 for the IPSEC tunnel on the router so I can NAT back and forth.

Where can I find a guide to do this?
Thanks much in advance.

Teo

Flavio Miranda · ‎09-05-2024

@teofilo

This is a Site to Site VPN, right?

I dont believe there will be such guide. What you can try is to create a NAT, not a PAT, translating the 192.x.x.x to 172.x.x.x

This need to be tested, not sure if this will work.

After the NAT config, you add the Natted traffic to the VPN.

teofilo · ‎09-05-2024

Hi Flavio, so I would add for example as private IP 192.168.4.0 (my real network) then 172.16.204.0 as my public IP range and on WAN1 (the WAN my VPN is going out on?)?

How do I apply that NAT after I create it?

Do I need to create an extra rule to apply it?
Where do I do it?

Thanks so much for your help so far.

Teo

Flavio Miranda · ‎09-05-2024

Hi Flavio, so I would add for example as private IP 192.168.4.0 (my real network) then 172.16.204.0 as my public IP range and on WAN1 (the WAN my VPN is going out on?)?

Yes

How do I apply that NAT after I create it?

Do I need to create an extra rule to apply it?

Where do I do it?

You dont need extra rule, once you create NAT the traffic should be translated. However, I believe the router will complain and probably will not work in that way, need to be tested.

Probably it will work when you actually use the WAN1 IP address or some IP address on the same range of WAN1 IP Address.

Refer to the following video for clarification.

https://www.youtube.com/watch?v=FPupQEYTFQc&t=85s

teofilo · ‎09-05-2024

Hey Flavio I was able to get it to ping outbound from 192.168.4.0 -> 172.16.204.0 -> final IP 192.168.204.11 and it pings from the router.

However from the 192.168.204.0 network I can't ping the 172.16.204.0 network I must be missing one more thing. Do I need to configure a route?

Thanks so much for your insight.

Teo

Flavio Miranda · ‎09-05-2024

I would like to undestand your topology better. If you can draw a simple topology would be great

teofilo · ‎09-05-2024

Hey Flavio in the end I ended up opening a direct VPN without doing NAT between sites since the router was not working properly with my firewall on the other end . I don't think this equipment can do NAT over a VPN it should be something they should add in case 2 sites have the same LAN network subnet.