Hi experts,
I'm having a hard time configuring a route-based VPN between 2 SRX100s.
In the middle we have a WatchGuard firewall that does one-to-one NAT to the VPN IP.
Topology is:
SRX1 ---- Internet ---- Watchguard (one to one NAT) ---- SRX2
I can ping from SRX1 to the SRX2 public IP successfully.
All policies are configured to permit VPN traffic.
On the SRX behind the NAT box we have security ike policy POLICY local-address PrivateIP.
With this config the IKE SA on SRX1 is not formed, and there is no IPsec SA either.
If I change local-address from the private IP to the public IP, IKE and IPsec are forming but I cannot send any traffic on the tunnel.
I did a debug on the NAT firewall on the LAN side and saw that the packets are sourced by SRX2 from the public IP.
Can you please share a working config for a route-based VPN when one SRX is behind a NAT box?
Thank you.