I have a ASG v7.103 with 4 additional IP-addresses on the external interface. The four additional IP-addresses are web servers located on different internal networks.
Question 1: When setting up masquerading, I can only choose physical nics, not the additional IP-addresses on the external nic. How do I allow traffic to an additional IP-address on the external nic which is a web server located on an internal network? DNAT of course, but anything else?
Question 2: When the web servers wants to start a connection to a host on the Internet, I am using snat in order to change the source IP-address to the correct additional external IP-address since I cannot use masquerading(?). What happens when connecting to a host through vpn? Is the source IP address changed by snat or is it unchanged? The snat rule is set to change the source IP address for "any" address.
Question 1 and 2 are maybe the same question? I suspect that I cannot use masquerading for the additional IP address. snat solves the problem when connecting from internal to external, but what happens when using vpn and snat?
This thread was automatically locked due to age.