Vmx in Nat Mode - not routing over vpn tunnel correctly

muhammed_haque
New here

Hi,

I am using a vmx in AWS in nat mode.

So MX -> VMX -> AWS Subnets

It seems that any traffic that has its source IP from a subnet defined as a static route and is enabled in VPN does not get routed back by the vMX over the site-to-site tunnel but egresses over the WAN / internet interface.

So:

VMX - advertises 10.1.1.0/24 (via static route)

MX advertises 10.100.0.0/24

Both are seen in the site-to-site VPN as local networks / remote VPN participants.

So if I ping from 10.1.1.1 -> 10.100.0.1, it gets NATed over the interface using the public IP.

I was assuming any IP destination for a subnet in the VPN would be sent over the VPN tunnel and not NATed out as being external to the VPN.

This seems incorrect to me.

Can anyone confirm this behaviour as being correct?

Thanks.

PhilipDAth
Kind of a big deal

That is not the correct behaviour. Normal operation is no NAT for traffic flowing over AutoVPN as long as both the source and destination subnet are included in AutoVPN.

If only a single subnet is included in AutoVPN, then NAT is used for the subnet not included, but this still flows over AutoVPN.
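As an added illustration of the behaviour PhilipDAth describes (example code written for this page, not Meraki's or the thread's own): a small model that takes the subnet table from the thread, derives the expected path and NAT decision for a flow, and flags an observation that deviates from it. The subnet table and flows are constructed from the thread; treating a destination that matches no listed subnet as internet-bound (split tunnel) is an assumption.

```python
# Added example, not from the thread: model the AutoVPN path/NAT decision described
# in the reply and compare it with what was observed on the wire.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Subnet:
    prefix: str   # CIDR as advertised to AutoVPN
    owner: str    # "MX" (local LAN) or "VMX" (static route behind the vMX)
    in_vpn: bool  # "enabled in VPN" on the site-to-site VPN page


# Constructed from the thread: both subnets are advertised and enabled in AutoVPN.
SUBNETS = [
    Subnet("10.1.1.0/24", "VMX", True),
    Subnet("10.100.0.0/24", "MX", True),
]


def lookup(ip, subnets=SUBNETS):
    """Longest-prefix match of ip against the subnet table; None if no subnet matches."""
    addr = ip_address(ip)
    matches = [s for s in subnets if addr in ip_network(s.prefix)]
    return max(matches, key=lambda s: ip_network(s.prefix).prefixlen, default=None)


def expected_path(src, dst, subnets=SUBNETS):
    """Return (path, natted) following the rules stated in the reply:
    both ends in AutoVPN -> tunnel, no NAT; exactly one end in AutoVPN -> tunnel,
    NAT applied; neither end in AutoVPN -> WAN with NAT.
    Assumption: an address outside every listed subnet is internet-bound -> WAN, NAT."""
    s, d = lookup(src, subnets), lookup(dst, subnets)
    if s is None or d is None:
        return ("wan", True)
    if s.in_vpn and d.in_vpn:
        return ("vpn", False)
    if s.in_vpn or d.in_vpn:
        return ("vpn", True)
    return ("wan", True)


def check_flow(src, dst, observed_path, observed_natted, subnets=SUBNETS):
    """Compare an observed flow against the expected one; returns a list of findings."""
    exp = expected_path(src, dst, subnets)
    obs = (observed_path, observed_natted)
    return [] if obs == exp else [f"{src}->{dst}: expected {exp}, observed {obs}"]


if __name__ == "__main__":
    # The poster's ping: expected over the tunnel with no NAT, observed NATed out the WAN.
    for finding in check_flow("10.1.1.1", "10.100.0.1", "wan", True):
        print(finding)
```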
