02-03-2022 10:56 AM
I am labbing up a configuration I am about to go live with in production, but it is not acting as it should when trying to apply a NAT rule to a tunnel interface. When I apply individual rules to the VPN traffic as I would like it to act, I am not getting the intended result. I have to select bi-directional to get the NAT rule to act as it should. It works that way, but it bugs me why it is not working as intended.
Zones:
WAN
VPN
LAB
NAT
NAT Rules
| Name | Src zone | Dest zone | Dest int | Src addr | Dest addr | Service | Src translation | Dest translation |
|---|---|---|---|---|---|---|---|---|
| VPN-OUT | LAB | VPN | any | 192.168.110.0/24 | any | any | static-ip 10.0.110.0/24, bi-directional: no | none |
| VPN-IN | VPN | VPN | any | any | 10.0.110.0/24 | any | none | address 10.0.110.0/24 |
If I change bi-directional to yes on VPN-OUT, then both directions work. If I leave it as NO, the traffic does not hit VPN-IN no matter what I do.
Any suggestions of what is going on are greatly appreciated.
Thanks,
Matt
02-03-2022 01:14 PM
Hello,
If you are using a bi-directional NAT, I would recommend you set it to yes. This prevents asymmetric routing and could cause applications to fail.
Here is an article that may help.
Regards,