I need a 2nd pair of eyes while working on a NAT issue.
Two headquarters (let's call them A and B) are connected with a leased line; at end B we have an ASG8.
Interfaces:
LOCAL on eth0 [192.168.180.1/24]
UPLINK on eth4 [192.168.190.6/24]
To connect to several services from B to A I have a static gateway route in place:
GROUP_Networks_A -> Gateway Firewall_Network_A [192.168.190.1]
To connect from A to B we addressed directly, so the ASG8 knew to distribute this to LOCAL on eth0. Basically, if a client in A wanted to connect to 192.168.180.100, it used 192.168.180.100.
So far so good.
Due to some regulatory changes, new connections from A to B are now sent to UPLINK on eth4, but with a new net: 10.7.0.0/16. The idea behind this: requests to 10.7.0.100 should be NATted to 192.168.0.100.
To achieve this, I've added an additional address on ETH4:
10.7.0.1/24 on interface UPLINK
Then I've tried setting up a FullNAT to accomplish the goal:
Traffic Source: Any
Traffic Service: Any
Traffic Destination: 10.7.0.100
NAT mode: Full NAT
Destination: 192.168.180.100
Destination Service: (unchanged)
Source: UPLINK (address)
Source Service: (unchanged)
+ Log initial packets and Automatic firewall rules active.
The Firewall log shows two entries for the TCP requests:
12:26:27 Connection using NAT - TCP 10.2.173.6 -> 10.7.0.100:80 / len=60, ttl=59, tos=0x00 / srcmac=5c:5e:ab:e6:e:8d / dstmac=0:1b:21:be:b9:99
12:26:27 Connection using NAT - TCP 10.2.173.6 -> 192.168.180.100:80 / len=60, ttl=58 , tos=0x00 / srcmac=0:1b:21:be:b8:a8
...but the traffic doesn't show up on the destination server.
I guess I'm missing something, any clues?
Thank you in advance.
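To make the configuration in the post concrete, here is an added Python model (not code from the thread or from the ASG8 itself) of the Full NAT rule as described: it rewrites the destination 10.7.0.100 to 192.168.180.100 and the source to the UPLINK address 192.168.190.6, keeps connection state so the server's reply can be mapped back to the client, and parses the two quoted firewall log lines to report which halves of the translation the log actually shows. The addresses and the log lines are those from the post; the client port, the conntrack key layout and the `FullNat`/`compare_with_rule` names are assumptions made for this example.

```python
"""Stateful model of the Full NAT rule from the post, plus a checker for its log lines."""
from dataclasses import dataclass
import ipaddress
import re

# Addresses taken from the post
LOCAL_NET = ipaddress.ip_network("192.168.180.0/24")   # LOCAL on eth0
UPLINK_ADDR = "192.168.190.6"                           # primary address of UPLINK (eth4)
UPLINK_ALIAS = "10.7.0.1"                               # additional address added for 10.7.0.0/16


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int


@dataclass(frozen=True)
class FullNatRule:
    match_dst: str   # "Traffic Destination"
    new_dst: str     # "Destination"
    new_src: str     # "Source (UPLINK address)"


# The Full NAT rule exactly as described in the post
RULE = FullNatRule(match_dst="10.7.0.100", new_dst="192.168.180.100", new_src=UPLINK_ADDR)


class FullNat:
    """Minimal model of a Full NAT (DNAT + SNAT) rule with reply un-translation (assumed design)."""

    def __init__(self, rule: FullNatRule):
        self.rule = rule
        # (server_src, server_sport, nat_src, nat_sport) -> original client packet
        self._conntrack = {}

    def forward(self, pkt: Packet) -> Packet:
        """Translate a new client packet; packets not matching the rule are routed untouched."""
        if pkt.dst != self.rule.match_dst:
            return pkt
        out = Packet(self.rule.new_src, pkt.sport, self.rule.new_dst, pkt.dport)
        # remember the mapping so the server's reply can be reversed
        self._conntrack[(out.dst, out.dport, out.src, out.sport)] = pkt
        return out

    def reply(self, pkt: Packet):
        """Map a server reply back to the original client; None when no state exists."""
        orig = self._conntrack.get((pkt.src, pkt.sport, pkt.dst, pkt.dport))
        if orig is None:
            return None
        return Packet(orig.dst, orig.dport, orig.src, orig.sport)


def server_sees_offsubnet_source(rule: FullNatRule) -> bool:
    """After SNAT the server sees new_src; if that is outside LOCAL_NET its reply follows its own routing."""
    return ipaddress.ip_address(rule.new_src) not in LOCAL_NET


# Matches the "Connection using NAT" lines quoted in the post (source port is optional)
LOG_RE = re.compile(
    r"Connection using NAT - (?P<proto>\w+) (?P<src>[\d.]+)(?::\d+)? -> (?P<dst>[\d.]+):(?P<dport>\d+)"
)


def parse_log(line: str):
    """Extract protocol, source, destination and destination port from one firewall log line."""
    m = LOG_RE.search(line)
    if not m:
        return None
    return {"proto": m["proto"], "src": m["src"], "dst": m["dst"], "dport": int(m["dport"])}


def compare_with_rule(lines, rule: FullNatRule) -> dict:
    """Report whether the logged pre- and post-NAT packets show both halves of the Full NAT."""
    entries = [e for e in map(parse_log, lines) if e]
    pre = [e for e in entries if e["dst"] == rule.match_dst]
    post = [e for e in entries if e["dst"] == rule.new_dst]
    return {
        "seen_prenat": bool(pre),
        "dnat_applied": bool(post),
        "snat_applied": any(e["src"] == rule.new_src for e in post),
    }


# The two firewall log lines quoted in the post
LOG_LINES = [
    "12:26:27 Connection using NAT - TCP 10.2.173.6 -> 10.7.0.100:80 / len=60, ttl=59, tos=0x00 / srcmac=5c:5e:ab:e6:e:8d / dstmac=0:1b:21:be:b9:99",
    "12:26:27 Connection using NAT - TCP 10.2.173.6 -> 192.168.180.100:80 / len=60, ttl=58 , tos=0x00 / srcmac=0:1b:21:be:b8:a8",
]

if __name__ == "__main__":
    nat = FullNat(RULE)
    client = Packet("10.2.173.6", 40000, "10.7.0.100", 80)   # client port is a constructed value
    to_server = nat.forward(client)
    print("client -> server after Full NAT:", to_server)
    print("server -> client after reverse NAT:", nat.reply(Packet(to_server.dst, 80, to_server.src, 40000)))
    print("server sees off-subnet source:", server_sees_offsubnet_source(RULE))
    print("log check:", compare_with_rule(LOG_LINES, RULE))
```

Run against the quoted lines, the checker reports the destination rewritten to 192.168.180.100 but the source still 10.2.173.6 in the second entry, i.e. only the DNAT half is visible. Whether the ASG8 writes that entry before or after the source translation is not something the post settles, so the server-side view (which source address 192.168.180.100 actually receives, and whether its route back to that address leads through the ASG8) is what the model suggests checking.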