Hi Ken,

It looks like your source NAT pool address is the same as the target NAT address for the application. Those pool addresses are the source IPs that will be used for the NAT pool rather than destination. You will need to choose pool addresses that reverse route back to the SSR from the workload. Also note that AWS will filter source IPs that don't match the interface address unless source/dest check is disabled for the interface.
It may be adequate to simply source NAT to the AWS interface address that is in the same subnet as the workload to avoid the need for AWS routes toward the SSR. In this case, just enable source NAT on the interface toward the workload and remove the NAT pool configurations. The only limitation is the number of ports available for traffic since only the interface address is used.

Regards,
Don