11-20-2018 09:21 AM
Hello,
I'm currently having an issue with a NAT'ed hairpinned s2s VPN setup. The VPN itself is up and running okay but I don't seem to be able to ping or route past the remote peer. Please see image attached for a quick overview.
Based on the diagram, from 192.168.100.1 I am able to ping 10.50.13.50 over the VPN tunnel and back but I am unable to ping anything else or further hops such as 10.50.13.2 or 'other subnets'. The rules in place from the 'firewall' are correct and allowing the specified traffic. We can see traffic being returned to 10.50.13.50 from 10.50.13.2 for example during a ping but not any further.
I think the problem lies with how I am trying to NAT or route the traffic in this hairpin type scenario. All the other s2s tunnels I have configured previously have used a dedicated inside and outside interface, so I'm a bit stuck on this one.
Thanks for any assistance.
11-22-2018 07:35 AM
Thanks for the reply JP,
After doing some further packet captures I could see traffic bouncing about.
I managed to come across this great video that helped me fix the issue. Luckily enough it was simple to follow and matched my scenario. Just needed to add a loopback address and route traffic correctly.
https://www.youtube.com/watch?v=ARg-RYM0tIs