Any idea when 1:1 SNAT will be implemented correctly from it's currently half baked implementation? While doing SNAT and using a IP range (.1 - .254), the translated IP is a completely random octet, which is not desired in our configuration as the remote side is building firewall policies based on our source IP.
Orig source: (network) 1.1.1.0/24
Orig dest: (IP host group) **
Trans source: (IP range) 2.2.2.1 - 2.2.2.254
When sending traffic from 1.1.1.132, the customer on their side of the route-based VPN is seeing 2.2.2.251
I can setup specific host level NATs, but I would rather not, because I should be able to do it at the network level, no? I really do not want to drop back to Policy based VPN which has full NAT built in.
DNAT has the One to One option under Advanced Settings, so not sure why SNAT is missing this.
This thread was automatically locked due to age.
