Thanks for your time, Steve.

This is a new connection. Network B already has routing to a network A for another customer. Therefore we need to source NAT A to C, as C is new to B and therefore can be routed back over the VPN tunnel. However, as network C does not really exist in the environment, traffic originating from B to C is not flowing back to A, as it goes into the untrust zone instead of zone A.

Though my source NAT rule was set up bi-directional, I had to set up a reverse destination NAT for traffic from B to C NATed to A to get this all to work. It kind of defeats the purpose of making a rule bi-directional.

Here is the traffic log before and after the destination NAT rule (B to A):

| Type | Threat/Content Type | Generate Time | Source address | Destination address | NAT Source IP | NAT Destination IP | Rule | Source Zone | Destination Zone | Inbound Interface |
|---|---|---|---|---|---|---|---|---|---|---|
| TRAFFIC | end | 25-10-2021 12:13 | B.122.99 | C.77.24 | B.122.99 | A.10.24 | VPN from 3rdParty | vpn | A | tunnel.6 |
| TRAFFIC | drop | 22-10-2021 15:30 | B.122.99 | C.77.144 | | | VPN from 3rdParty Block | vpn | untrust | tunnel.6 |

Security Rules

| Name | Source Zone | Source Address | Dest Zone | Dest Address | Action |
|---|---|---|---|---|---|
| VPN from 3rdParty | vpn | B.122.96/28 | zoneA | A.10.0/24 C.77.0/24 | Allow |
| VPN from 3rdParty Block | vpn | B.122.96/28 | any | any | Block |

NAT Rules

| Name | Org. Source Zone | Org. Dest Zone | Org. Source Address | Org. Dest Address | Org. Service | Source Translation | Dest Translation |
|---|---|---|---|---|---|---|---|
| B to A | vpn | untrust | B.122.96/28 | C.77.0/24 | any | | address A.10.0/24 |
| A to B | zoneA untrust | vpn | A.10.0/24 | B.122.96/28 | any | static-ip C.77/24 bi-directional | |