Hi All,
*config is in the next post*
I am having trouble with NAT/Flow/Security; I'm not sure which one it is yet. My scenario is as follows: in the default instance, which uses inet.0, I have my public interfaces in the internet zone and my internal servers in a zone internal. I can Route/NAT pass traffic from the internal to the public zones, and vice versa, with source and static NAT.
The issue is with traffic/NAT between the internal routing instance and another routing instance that we need to get traffic into/from. It is called ATandTInside, as you will see in the config below:
The public interfaces ge-0/0/0.x are in the inet.0 routing table (default)
The internal ge-0/0/2.450 interface is in the Internal Zone and the internal-vr.inet.0 instance
The 'other' interface which we are having trouble doing NAT with is ge-0/0/0.401 in the ATandTInside zone, in the atant-vr.inet.0 instance.
I have changed IPs for security but the concept is the same:
I realise there is no route in atandt-vr.inet.0 for the internal routing instance. I believe this is correct since traffic returning from hosts inside 10.1.51.0/24 should be returning to the firewall interface of 10.1.51.254. So:
Internet > Host1 (inside the default instance) works
Host1 > Whatismyip works and shows the correct IP
ATandTInside > Host1 (inside the default instance) Fails
Host1 > ATandTInside Fails
I will attach an image shortly.
Thanks
Phil