Hi all,
I have the following rule-set in place:
set security nat source rule-set internal-to-external from zone internal
set security nat source rule-set internal-to-external to zone external
set security nat source rule-set internal-to-external rule nat-internal match source-address 172.16.2.0/24
set security nat source rule-set internal-to-external rule nat-internal match destination-address 0.0.0.0/0
set security nat source rule-set internal-to-external rule nat-internal then source-nat interface
It is working just fine.
I implemented an IPsec tunnel. The packets arrive at the other end of the tunnel (172.16.16.0/24) with my WAN address - then I remembered that NAT was in place...
So I tried:
set security nat source rule-set internal-to-external-no-nat from zone internal
set security nat source rule-set internal-to-external-no-nat to zone external
set security nat source rule-set internal-to-external-no-nat rule no-nat-internal match source-address 172.16.2.0/24
set security nat source rule-set internal-to-external-no-nat rule no-nat-internal match destination-address 172.16.16.0/24
set security nat source rule-set internal-to-external-no-nat rule no-nat-internal then source-nat off
followed by:
insert security nat source rule-set internal-to-external-no-nat before rule-set internal-to-external
Unfortunately I cannot commit this:
[edit security nat source]
'rule-set internal-to-external'
rule-set internal-to-external and rule-set internal-to-external-no-nat have same context.
error: configuration check-out failed
How can I solve this? I need NAT for all destinations except 172.16.16.0/24.
Thank you for your help.
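
An added example, not part of the original post: Junos allows only one source NAT rule-set per from/to context, so the exemption goes into the existing rule-set as a rule placed ahead of the catch-all, since rules are evaluated top-down and the first match wins. It assumes the tunnel traffic leaves through zone external, as the post describes; the `#` lines are annotations.

```junos
# Drop the second rule-set; it shares the internal -> external context
delete security nat source rule-set internal-to-external-no-nat

# Define the exemption as a rule inside the existing rule-set
set security nat source rule-set internal-to-external rule no-nat-internal match source-address 172.16.2.0/24
set security nat source rule-set internal-to-external rule no-nat-internal match destination-address 172.16.16.0/24
set security nat source rule-set internal-to-external rule no-nat-internal then source-nat off

# Move the exemption above the 0.0.0.0/0 rule so it matches first
insert security nat source rule-set internal-to-external rule no-nat-internal before rule nat-internal
```

After the commit, `show security nat source rule all` lists the rules in evaluation order with their translation hit counters, which confirms that traffic to 172.16.16.0/24 matches no-nat-internal.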