dalearyous
So, you have a corp office on a 10.10.0.0/16 network, you have a branch office on a 172.16.254.0/24 network, and that branch office has an interface on the firewall configured to talk to a separate vendor's devices on a 192.168.100.0/24 network. You set up static NAT to basically NAT a device on the 192 network to an IP on the 172 network. You can ping and talk to the devices just fine if you are at the branch office. However, pinging the device from the corp office does not work.
Do I have to allow the 192 traffic through the tunnel? In my mind the answer is no, because the NAT translation is happening at the branch office and sending the traffic along. So just because the tunnel is configured to only allow 10.10.0.0/16 <-> 172.16.254.0/24, it shouldn't be dropping the 192 traffic, because the NAT has changed the header ... ?