Thank you for your reply. Very interesting document.
Is there no way to solve this on the company firewall only? Subnet 10.0.0.0/13 is a subnet of a remote router in our network; it's not a subnet of the firewall itself.
As a test I tried to make NAT rules for client 10.0.1.86 with server 10.202.20.20 on our company firewall:
Source NAT rule for the incoming traffic to our company:
source zone = vpn; dest zone = trust; source ip = 10.0.1.86, dest ip = 10.202.20.20; source translation = static ip / 10.207.218.5 / not bi-directional
and a destination NAT rule for the outbound traffic:
source zone = trust; dest zone = vpn; source ip = 10.202.20.20; dest ip = 10.207.218.5; dest interface = tunnel.5 / dest translation = 10.0.1.86
When I run a Packet Capture on interface tunnel.5, I only see (icmp) packets coming from 10.0.1.86, but I don't see anything in the policy log.
Can someone explain this to me?
Thanks!
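As an added example (not part of the post above), here is a small Python model of the two NAT rules described, using the poster's zones and addresses, to show which rule a given first packet matches and how it is translated. It assumes the common zone-based behaviour that NAT rules are matched top-down on pre-NAT zones and pre-NAT addresses, and it deliberately ignores session state (replies to an already established session are translated by the session table, not re-evaluated against the rulebase).

```python
from dataclasses import dataclass, replace
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Packet:
    from_zone: str
    to_zone: str
    src: str
    dst: str


@dataclass(frozen=True)
class NatRule:
    name: str
    from_zone: str
    to_zone: str
    src: str                           # pre-NAT source (host or CIDR)
    dst: str                           # pre-NAT destination (host or CIDR)
    src_xlate: Optional[str] = None    # static source translation, if any
    dst_xlate: Optional[str] = None    # destination translation, if any


def _matches(rule: NatRule, pkt: Packet) -> bool:
    # Match on pre-NAT zones and pre-NAT addresses only.
    return (rule.from_zone == pkt.from_zone and rule.to_zone == pkt.to_zone
            and ip_address(pkt.src) in ip_network(rule.src)
            and ip_address(pkt.dst) in ip_network(rule.dst))


def apply_nat(pkt: Packet, rules: list) -> tuple:
    """Return (matched rule name or None, translated packet); first match wins."""
    for rule in rules:
        if _matches(rule, pkt):
            translated = replace(pkt, src=rule.src_xlate or pkt.src,
                                 dst=rule.dst_xlate or pkt.dst)
            return rule.name, translated
    return None, pkt


# The two rules from the post, reconstructed from its text (rule names are constructed).
RULES = [
    NatRule("inbound-snat", "vpn", "trust", "10.0.1.86", "10.202.20.20",
            src_xlate="10.207.218.5"),
    NatRule("outbound-dnat", "trust", "vpn", "10.202.20.20", "10.207.218.5",
            dst_xlate="10.0.1.86"),
]

if __name__ == "__main__":
    # Client-initiated packet arriving on the VPN tunnel towards the server.
    print(apply_nat(Packet("vpn", "trust", "10.0.1.86", "10.202.20.20"), RULES))
    # Server-initiated packet towards the translated client address.
    print(apply_nat(Packet("trust", "vpn", "10.202.20.20", "10.207.218.5"), RULES))
```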