Discovered a scenario that I can't get working in Azure, which seems like a limitation on the XG. We set up a policy-based VPN to one of our customers which needs to access one of our web-apps. The customer requires that RFC-1918 is not used in VPN traffic, so we are NATing local traffic to public IPs (in the VPN config). We currently have this web-app configured in the WAF, but restricted to certain private networks (will go public at a later date). In the IPsec config, the public IP (IPsec local subnet) NATs to an IPAddress object that matches the IP Alias (PortB/WAN) that the WAF is listening on (can't use system interfaces).
When attempting to access this URL (resolves to 1.2.3.4 across the tunnel) from the remote side, traffic is getting dropped when viewing the drop-packet-capture on the console.
log_component=Local_ACLs
source_ip=192.168.100.10
dest_ip=169.254.234.5 <-local ip of ipsec0 interface
#PortB:0 - 172.16.1.3 (Alias on interface)
WAF Listens on #PortB:0
VPN
Real: 172.16.1.3 (IPHost Object matching interface IP alias)
NAT: 1.2.3.4
What am I missing, or is this not a supported configuration? (sure hope not)