Web Server 10.0.0.2 ------(10.0.0.1) Site A SRX (1.1.1.1)---------------IPSEC VPN-----------------(2.2.2.2) Site B SRX (10.2.0.1)
I'm trying to set up a backup destination NAT for some servers. Since the ISP can't give us more external IPs for Site A, I want to use Site B's external IP to create a secondary 'entrance' for the HTTPS Server on Site A.
The VPN Tunnel works. (route based)
I can reach 10.0.0.2 from 10.2.0.1.
The destination NAT works to 1.1.1.1:443 to reach 10.0.0.2:443.
I can't get destination NAT to work on Site B, so that I can reach 10.0.0.2:443 through 2.2.2.2:443.
I've tried all kinds of NATting possibilities to get from untrust Site B to trust Site A, but I must be doing something wrong.
I've only used source NAT and destination NAT so far (in all possible ways).
Do I need proxy-arp for this? Or static NAT?
I don't have much of a configuration I can show with attempts, since I rolled back every time.
Thanks!