IPSEC Site to Site (port forward)


I have a problem with a virtual network inside IPSEC and DNAT.

Site A
Local IP:

Site B
Local IP:

I’ve created IPSEC from Site A to Site B.
For Site B I’ve created a “virtual network” for IPSEC (

So IPSEC traffic goes from Site A to Site B.

I want to forward a specific port, 8921, to a local address on Site B (
so if a host from Site A (192.168.1.X) goes to on port 8921 it should reach on port 8921.

On Site B we created a NAT rule:
iptables -t nat -A PREROUTING -d -p tcp --dport 8921 -j DNAT --to-destination

We can telnet to the destination, but after connecting on port 8921 no data is shown… like there is no response.

We added an SNAT rule but still no response:

iptables -t nat -A POSTROUTING -d -p tcp --dport 8921 -j SNAT --to-source

I also tried the opposite direction: from Site B to Site A.
iptables -t nat -I POSTROUTING -s -d -j NETMAP --to

I can ping hosts on the network, but if I try RDP, for example, I receive the username and password prompt, but after that the connection does not establish.

What am I missing?

