A client (192.168.69.10) in the VPN zone needs to access a server in the DMZ through a public IP address (204.68.184.237) that is not configured on the device. The device should translate the public IP to the server's private IP (172.25.3.50). The server should see the packet as sourced from an unknown IP (192.168.222.16), which is also not configured on the device. The server should be able to initiate traffic to the client at 192.168.222.16, which the device translates to the client's original IP, 192.168.69.10. Additionally, the source IP of the server should be changed to the public IP, 204.68.184.237.
Create 2 loopback interfaces:
loopback.1: 192.168.222.16/32 in zone "VPN" and the appropriate virtual router (VR)
loopback.2: 204.68.184.237/32 in zone "VPN" and the appropriate virtual router (VR)
Create 2 NAT rules:
From VPN Client to Server:
Source Zone: VPN
Destination Zone: VPN
Source Address: 192.168.69.10
Destination Address: 204.68.184.237
Source Translation: Select "Dynamic IP and Port". Select "Interface Address". Select "loopback.1". Select IP "192.168.222.16".
Destination Translation: 172.25.3.50
From Server to VPN Client:
Source Zone: DMZ
Destination Zone: VPN
Source Address: 172.25.3.50
Destination Address: 192.168.222.16
Source Translation: Select Dynamic IP and Port. Select Interface Address. Select loopback.2. Select IP 204.68.184.237.
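
A small Python model of the two rules above, added here as an illustration (it is not part of the original article and not vendor code). It checks that both flows translate as the scenario describes and shows why the client rule uses Destination Zone VPN: NAT rules match on pre-NAT zones and addresses, and 204.68.184.237 lives on loopback.2 in zone VPN. NatRule, ZONE_OF, MISZONED and translate are hypothetical names; the server-to-client destination translation is taken from the scenario description.

```python
from dataclasses import dataclass, replace

# Zone that a route lookup on each address yields in this scenario.
# The two loopbacks are what place the otherwise unknown IPs in zone VPN.
ZONE_OF = {
    "192.168.69.10": "VPN",   # VPN client
    "192.168.222.16": "VPN",  # loopback.1
    "204.68.184.237": "VPN",  # loopback.2
    "172.25.3.50": "DMZ",     # server
}

@dataclass(frozen=True)
class NatRule:  # hypothetical model of one NAT rule, not a PAN-OS object
    name: str
    src_zone: str
    dst_zone: str
    src: str
    dst: str
    snat: str  # translated source address
    dnat: str  # translated destination address

RULES = [
    NatRule("client-to-server", "VPN", "VPN",
            "192.168.69.10", "204.68.184.237",
            snat="192.168.222.16", dnat="172.25.3.50"),
    # dnat is taken from the scenario paragraph; the rule listing omits the field.
    NatRule("server-to-client", "DMZ", "VPN",
            "172.25.3.50", "192.168.222.16",
            snat="204.68.184.237", dnat="192.168.69.10"),
]

# Same client rule with the post-NAT zone entered by mistake.
MISZONED = [replace(RULES[0], dst_zone="DMZ")]

def translate(src, dst, rules=RULES):
    """Return (rule name, post-NAT src, post-NAT dst), or None if no rule matches."""
    # Zones and addresses are matched as they appear before translation.
    key = (ZONE_OF.get(src), ZONE_OF.get(dst), src, dst)
    for r in rules:
        if (r.src_zone, r.dst_zone, r.src, r.dst) == key:
            return r.name, r.snat, r.dnat
    return None

if __name__ == "__main__":
    print(translate("192.168.69.10", "204.68.184.237"))
    print(translate("172.25.3.50", "192.168.222.16"))
    print(translate("192.168.69.10", "204.68.184.237", MISZONED))
```

The third call returns None: a client rule written with Destination Zone DMZ never matches, because the pre-NAT destination resolves to zone VPN.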