Hi!
First: Yes I read the KB about accessing internal resources using the external static NAT address (This one). But this doesn't work for me...
Here's what my config looks like:
show security nat source
pool exch_tf {
address {
192.168.8.13/32;
}
rule-set exch_tf_internal {
from zone transfair;
to zone transfair;
rule internal_nat {
match {
source-address 192.168.8.39/32;
destination-address 192.168.8.13/32;
}
then {
source-nat {
pool {
exch_tf;
}
}
}
}
}
static {
rule-set static_nat {
from zone untrust;
rule exch_tf {
match {
destination-address 86.103.130.70/32;
destination-port 443;
}
then {
static-nat {
prefix {
192.168.8.13/32;
mapped-port 443;
}
}
}
}
}
}
proxy-arp {
interface reth0.1 {
address {
86.103.130.69/32;
86.103.130.70/32;
86.103.130.71/32;
86.103.130.72/32;
86.103.130.73/32;
86.103.130.74/32;
86.103.130.75/32;
}
}
}
From zone: transfair, To zone: transfair
Policy: intra_zone, State: enabled, Index: 126, Scope Policy: 0, Sequence number: 1
Source addresses: any
Destination addresses: any
Applications: any
Action: permit
No translation hits so far...
source NAT rule: internal_nat Rule-set: exch_tf_internal
Rule-Id : 26
Rule position : 31
From zone : transfair
To zone : transfair
Match
Source addresses : 192.168.8.39 - 192.168.8.39
Destination addresses : 192.168.8.13 - 192.168.8.13
Destination port : 0 - 0
Action : exch_tf
Persistent NAT type : N/A
Persistent NAT mapping type : address-port-mapping
Inactivity timeout : 0
Max session number : 0
Translation hits : 0
What's missing?
Regards
Andy