I have a VPN concentrator that sits in a DMZ and passes its traffic through an XG Firewall v18.0.3 MR-3 via a SNAT rule. This was working before the move to v18, and working after. However, we changed ISPs, so I needed to update the SNAT rule to the new IP. After I did this it stopped passing the IPSec traffic. All traffic from the router/VPN concentrator is supposed to go out via a different IP than the regular WAN on the XG. Other than the IPSec traffic, all other traffic flows perfectly out the required interface. If I look at a packet capture I see the other traffic has an in and out interface, but the IPSec traffic has an in, but no out listed. Please help!
Firewall Rule: Source zone DMZ, Source N/D: 172.xxx.xxx.253 All the time
Destination zone: WAN, Destination Network: Any, Services: Any
All others are default.
NAT Rule: Original source: 172.xxx.xxx.253, Original destination: Any, Original service: Any
Translated source (SNAT): xxx,201.36,xxx, Translated destination (DNAT): Original, Translated service (PAT): Original
Inbound interface: Port3, Outbound interface: Port 1
Override checked Port1 xxx,201.36,xxx
All others are default.
Port 1:2 is xxx,201.36,xxx and has a definition, which I used in the rules.
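One check worth running on the packet capture before touching the rules again is to confirm that the packets with no egress interface are exactly the IPsec ones: IKE on UDP/500, NAT-T on UDP/4500, and raw ESP, which is IP protocol 50 and carries no ports at all. The Python below is an added example, not code from the original post or from Sophos; the capture line format, the field names and the addresses (RFC 5737 ranges standing in for the redacted ones) are constructed for illustration, so a real XG export would need its columns mapped onto the same fields.

```python
"""Classify packet-capture records by IPsec kind and by whether the
firewall assigned an egress interface.

Added example, not from the original post. The record format
('in,out,src,dst,proto,dport', '-' for an absent value) and the sample
lines are constructed; map a real capture export into the same fields.
"""
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional, Tuple

# IPsec on the wire: IKE on UDP/500, NAT-T (IKE plus UDP-encapsulated ESP)
# on UDP/4500, raw ESP as IP protocol 50 and AH as IP protocol 51.
# ESP and AH have no ports, so a port-based service match never sees them.
IPSEC_IP_PROTOS = {50: "ESP", 51: "AH"}
UDP = 17


@dataclass(frozen=True)
class Packet:
    in_iface: str
    out_iface: Optional[str]   # None when the capture shows no egress
    src: str
    dst: str
    proto: int                 # IP protocol number
    dport: Optional[int]       # None for protocols without ports


def ipsec_kind(pkt: Packet) -> Optional[str]:
    """Return 'IKE', 'NAT-T', 'ESP' or 'AH' for IPsec packets, else None."""
    if pkt.proto in IPSEC_IP_PROTOS:
        return IPSEC_IP_PROTOS[pkt.proto]
    if pkt.proto == UDP and pkt.dport == 500:
        return "IKE"
    if pkt.proto == UDP and pkt.dport == 4500:
        return "NAT-T"
    return None


def parse_capture(lines: Iterable[str]) -> List[Packet]:
    """Parse constructed 'in,out,src,dst,proto,dport' lines; '#' starts a comment."""
    pkts = []
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        in_if, out_if, src, dst, proto, dport = [f.strip() for f in line.split(",")]
        pkts.append(Packet(
            in_iface=in_if,
            out_iface=None if out_if == "-" else out_if,
            src=src,
            dst=dst,
            proto=int(proto),
            dport=None if dport == "-" else int(dport),
        ))
    return pkts


def egress_report(pkts: Iterable[Packet], source: str) -> Dict[str, Tuple[int, int]]:
    """For one source host, map each traffic kind to (total, without_egress)."""
    report: Dict[str, Tuple[int, int]] = {}
    for p in pkts:
        if p.src != source:
            continue
        kind = ipsec_kind(p) or f"proto{p.proto}"
        total, missing = report.get(kind, (0, 0))
        report[kind] = (total + 1, missing + (1 if p.out_iface is None else 0))
    return report


def stuck_kinds(report: Dict[str, Tuple[int, int]]) -> List[str]:
    """Kinds where every packet was received but none was forwarded."""
    return sorted(k for k, (total, missing) in report.items() if total and missing == total)


# Constructed sample capture: 172.16.0.253 stands in for the redacted
# concentrator address, 203.0.113.20 for the remote IPsec peer.
SAMPLE_CAPTURE = """
# in,out,src,dst,proto,dport
Port3,Port1,172.16.0.253,198.51.100.10,6,443
Port3,Port1,172.16.0.253,198.51.100.53,17,53
Port3,-,172.16.0.253,203.0.113.20,17,500
Port3,-,172.16.0.253,203.0.113.20,17,4500
Port3,-,172.16.0.253,203.0.113.20,50,-
Port3,Port1,172.16.0.5,198.51.100.10,6,80
"""


def sample_stuck_kinds() -> List[str]:
    """Run the check over the constructed sample for the concentrator host."""
    pkts = parse_capture(SAMPLE_CAPTURE.splitlines())
    return stuck_kinds(egress_report(pkts, "172.16.0.253"))


if __name__ == "__main__":
    pkts = parse_capture(SAMPLE_CAPTURE.splitlines())
    for kind, (total, missing) in sorted(egress_report(pkts, "172.16.0.253").items()):
        print(f"{kind:8s} seen={total} no_egress={missing}")
    print("stuck:", sample_stuck_kinds())
```

If the report shows ESP (protocol 50) as the only stuck kind while IKE and NAT-T are forwarded, the problem is specific to portless traffic; if all three are stuck together, as in the constructed sample, the whole IPsec flow is being dropped before egress and the capture alone will not say which rule is responsible.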