Channel: SRX Services Gateway topics

Destination Nat


I'm trying to do a destination NAT from a server to an internal server with the following configuration. The incoming server can ping the interface or gateway of the internal server but cannot ping the internal server IP. Below shows the configuration, routes and security policies. Also an output of the destination NAT shows no translation hits. Any tip on this?

destination {
pool dnat-pool-1 {
address 10.20.X.20/32;
}
}
}
}
rule-set dst-nat-B_LAN {
from zone B_LAN;
rule rule-2 {
match {
destination-address 10.X.X.56/32;
destination-port 6004;
}
then {
destination-nat pool dnat-pool-1;
}
}
}
}
proxy-arp {

interface ge-0/0/10.0 {
address {
10.X.X.56/32 to 10.X.X.56/32;
}

Security Policy


policy dst-nat-B_LAN {
match {
source-address 10.X.X.56;
destination-address 10.20.X.20;
application TCP-6004;
}
then {
permit;
log {
session-init;






static routes

route 10.X.X.56/32 {
next-hop 10.20.X.1;
preference 20;


root@FW_Cluster> show security nat destination rule all
node0:
--------------------------------------------------------------------------
Total destination-nat rules: 1
Total referenced IPv4/IPv6 ip-prefixes: 1/0

Destination NAT rule: rule-2 Rule-set: dst-nat-B_LAN
Rule-Id : 1
Rule position : 1
From zone : B_LAN
Destination addresses : 10.X.X.56 - 10.X.X.56

Destination port : 6004
Action : dnat-pool-1
Translation hits : 0




