@joseglez,

 

Yes, for the reverse rule (inbound traffic), you need to set the destination zone to internal, not external. Only then will traffic be forwarded to the internal IP 192.168.1.1. Normally, when hosting an internal server, we configure policies the same way.

 

Your NAT would be like -

 

Bi-Directional NAT

 

SZONE - Internal

S-IP - 192.168.1.1

DZONE - VPN

D-IP - 10.10.10.1

S-NAT-IP - 1.1.1.1

 

Security Policy for outbound traffic -

SZONE - Internal

S-IP - 192.168.1.1

DZONE - VPN

D-IP - 10.10.10.1

 

Security Policy for inbound traffic -

SZONE - VPN

S-IP - 10.10.10.1

DZONE - Internal

D-IP - 1.1.1.1

 

Also configure the proper routes and the proxy-id configuration. With this, everything should work as expected.

 

Hope it helps!

Mayur

 

Mayur S.
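The following is an added example, not part of the original post and not the firewall's own code: a simplified model of rule matching that shows why the inbound policy above pairs destination zone Internal with destination IP 1.1.1.1. It assumes the security policy is matched on the packet's original (pre-NAT) addresses and on the zone found after destination translation; the rule names, the `ZONE_OF` table and the `match` helper are hypothetical.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    name: str
    szone: str
    sip: str
    dzone: str
    dip: str

# Reverse half of the bi-directional NAT from the post: 1.1.1.1 -> 192.168.1.1
DNAT = {"1.1.1.1": "192.168.1.1"}
# Constructed routing view: the zone each real address sits behind
ZONE_OF = {"192.168.1.1": "Internal", "10.10.10.1": "VPN"}

def match(rules, ingress_zone, src, dst):
    """Return the first matching rule name, or None (implicit deny).

    Model assumption: addresses are compared as they appear on the wire
    (pre-NAT), while the destination zone is looked up for the translated
    (post-NAT) destination address.
    """
    real_dst = DNAT.get(dst, dst)
    egress_zone = ZONE_OF.get(real_dst)
    for r in rules:
        if (r.szone, r.sip, r.dzone, r.dip) == (ingress_zone, src, egress_zone, dst):
            return r.name
    return None

# Policies exactly as listed in the post
OUTBOUND = Rule("outbound", "Internal", "192.168.1.1", "VPN", "10.10.10.1")
INBOUND = Rule("inbound", "VPN", "10.10.10.1", "Internal", "1.1.1.1")
# Two variants that fail in this model (constructed for comparison)
INBOUND_EXTERNAL_ZONE = Rule("inbound-ext", "VPN", "10.10.10.1", "External", "1.1.1.1")
INBOUND_REAL_IP = Rule("inbound-real", "VPN", "10.10.10.1", "Internal", "192.168.1.1")

def inbound_result(rule):
    """Evaluate the VPN peer's packet 10.10.10.1 -> 1.1.1.1 against one rule."""
    return match([rule], "VPN", "10.10.10.1", "1.1.1.1")

if __name__ == "__main__":
    for rule in (INBOUND, INBOUND_EXTERNAL_ZONE, INBOUND_REAL_IP):
        print(f"{rule.name:13} dzone={rule.dzone:9} dip={rule.dip:12} ->",
              inbound_result(rule) or "no match (dropped)")
    print("outbound ->", match([OUTBOUND], "Internal", "192.168.1.1", "10.10.10.1"))
```
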
