Prerequisites

SNAT End Point Tunnel IP

For L3 traffic, packets transmitted from the ICS internal interface are dropped by the AWS Virtual Gateway. This happens because the source IP and MAC address do not match and transit routing is not supported.

Ivanti Connect Secure must be able to SNAT these packets to the internal interface IP, which belongs to a subnet within the VPC.

To NAT the endpoint tunnel IP to the internal interface IP, do the following:

1. Log in to the Ivanti Connect Secure admin console.

2. Navigate to System > Network > VPN Tunneling.

3. Enable Source NATTING. By default, Source NATTING is disabled.

Enabling SNAT on ICS reduces the number of connections, because a single IP handles the traffic for all end-user Ivanti client connections. It is therefore recommended that you purchase a NAT gateway and assign it to ICS.