Screen OS

  • 1.  Can VPN packets be NAT'ed to the firewall's public IP address?

    Posted 07-18-2014 06:29

    Hi,

    I have to build a site-to-site VPN between my network (LAN 1 10.1.1.0/24) using my ScreenOS firewall (public IP 3.3.3.1) and another entity's LAN.

    They gave me their internal LAN range, LAN 2 192.168.10.0/24, and their firewall public IP address (2.2.2.1).

    Is there any possibility for me to NAT the packets coming from my network LAN 1 10.1.1.0/24 to the same IP as my firewall's public IP address 3.3.3.1 on ScreenOS?

    Which is the best practice in these situations? Route based VPNs or policy based VPNs?

    Regards,

    TCP



  • 2.  RE: Can VPN packets be NAT'ed to the firewall's public IP address?

    Posted 07-18-2014 08:21

    I don't think you can do that. The other side would then need to route your public IP address to the tunnel to make it reachable through the tunnel. And because the tunnel itself is created by using that same IP address, it needs to be routed through the interface facing the public network (WAN). Why would you want to NAT your clients to the public IP anyways? Can you tell us more about this scenario?

    If you are satisfied with the answer, please click "Accepted as Solution". Kudos also welcome!



  • 3.  RE: Can VPN packets be NAT'ed to the firewall's public IP address?

    Posted 07-21-2014 04:40

    Hi,

    I haven't seen a configuration like that yet, but somebody told me he did it on a Fortigate and wanted it replicated on my Juniper SSG140.

    I agree on the part about the routing at the remote end, but the guy says he is sure about that mapping.

    Regards,

    TCP.



  • 4.  RE: Can VPN packets be NAT'ed to the firewall's public IP address?
    Best Answer

    Posted 07-21-2014 21:48

    Hi,

    If he says so. I haven't tried this but I am pretty sure it won't work. And I still fail to see why one would want to do that anyways.

     
