Using an ISG-1000 cluster with IDP:
Networks involved:
untrust network (209.194.180.187/29) on aggregate1.16 (in Route mode)
trust network (10.1.32.1/20) on aggregate1.2 (in Route mode)
Hosts involved:
Client on the Internet
MIP entry on aggregate1.16 for a public IP which maps to a host (10.1.32.13), which is on the trust network.
Current rule:
I have a global firewall rule that allows traffic from any network to my MIP mapped host for a published service (NNTP @ TCP 119). This is working great.
Problem:
I need to create a NAT-DST with port mapping rule to redirect an incoming request to the public IP of that host (at dst port 143), and redirect it to the MIP host at a different port (port 119). Every rule combination I have tried so far has failed to allow connectivity. I am attempting to build these rules through NSM and not directly on the box if possible.
I am a bit of a noob at ScreenOS debug, so if you need more info, please be detailed in how to get what you need. Public IP on untrust was purposely changed to protect the innocent. 😉