03-27-2017 09:11 PM
Hello,
I have a new client we have a direct L3 link with. Our firewall has an existing directly connected interface on the 10.10.0.0/16 subnet. Our client also has a subnet of 10.10.0.0/16 which we need to get to.
During my initial testing I decided just to access a /24 of the client's /16. I am NATting the client subnet of 10.10.101.0/24 to 172.17.101.0/24.
I have a NAT policy with a source of another of my internal subnets (not the 10.10.0.0/16), destination of 172.17.101.0/24, source NAT to a dynamic IP+port, destination NAT to 10.10.101.0/24.
When the destination NAT kicks in it checks the source VR for its route, which is the directly connected interface, and attempts to route it locally. If I remove the destination NAT it hits the destination interface but with the wrong destination address.
Round 2:
I removed the customer config from the current VR and put them into a new VR, and set up VR-to-VR routes. Same issue:
When the destination NAT kicks in it checks the source VR for its route, which is the directly connected interface, and attempts to route it locally. If I remove the destination NAT it hits the destination interface but with the wrong destination address.
Does anyone know how I can get around this without using a separate VSYS (I haven't tried yet, not 100% sure it will work)?