Hey all,

Got a conflict here and hoping someone has some ideas on this. We have 1:1 static NAT for a server, but that server also needs to communicate over a policy-based VPN. If this VPN were route-based, there'd be no problem.

The VPN works for this server if I remove the static NAT so everything there is good. The option I've considered is to create a static route to the remote subnet which goes into a different zone (even a fake zone) and adjust the policies to go into that zone instead of the Internet zone. However, the traffic from the far side would still be coming from the Internet zone, so I'm betting the flows wouldn't match. It also seems like an extreme hack.

Removing the static NAT would be awesome, but there are unknown things using it, so it's not so easy as that. Anyone have other suggestions?

Thanks!
Aaron

_______________________________________________
juniper-nsp mailing list
[email protected]
https://puck.nether.net/mailman/listinfo/juniper-nsp

