Hello,
I'm trying to achieve the following (see attached drawing). On site A, I have a webserver (192.168.10.27) behind an SSG5. The SSG5 has a site-to-site route-based VPN to an NS5gt. The NS5gt has a public IP (X.X.X.57/22) in the same subnet as the SSG5 (X.X.X.59/22). I would like a browser to access IP X.X.X.57 and hit the webserver through the VPN.
Moreover, the public /22 subnet is assigned by the provider, but there is only one fixed IP address per firewall. And the VPN should be kept "as is" if possible, because it's needed to transport VoIP between site A and site B.
Currently I have tried with a VIP on NS5 (same-as-interface) and a policy with source NAT. Traffic is reaching site A but the source is X.X.X.57 and the packet is dropped because the source is in the subnet of interface eth0/0 (I think).
Here is an excerpt of the config of the NS5:
set interface untrust vip interface-ip 80 "HTTP" 192.168.10.27 manual
set policy id 19 from "Untrust" to "Untrust" "Any" "VIP(untrust)" "HTTP" nat src permit log
Any clue on how to do this?
Thanks in advance,
Nicolas
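The diagnosis in the post (traffic arrives at site A with source X.X.X.57, an address on the SSG5's own untrust subnet, so the reply never goes back into the tunnel) points at the `nat src` without a DIP pool: ScreenOS then translates the source to the IP of the egress interface, and an unnumbered tunnel.1 borrows the untrust interface address. The fragment below is an added illustration of the alternative, not Nicolas's config and not an answer from this thread. It assumes the NS5gt's tunnel is tunnel.1 in the Untrust zone, that site B's trust subnet is 192.168.20.0/24, that the SSG5's tunnel is also tunnel.1, and it picks DIP pool id 4 and the address 192.168.20.250; all of those are assumptions, and the route on the SSG5 side is only needed if 192.168.20.0/24 is not already routed into the tunnel there.

```screenos
## --- NS5gt (site B) --- assumed names, not the original config

# VIP on the untrust interface IP, as in the post, forwarding TCP/80 to the site A webserver
set interface untrust vip interface-ip 80 "HTTP" 192.168.10.27 manual

# DIP pool on the tunnel interface: a single private address from site B's trust range
# (assumption: 192.168.20.250 is free and tunnel.1 is the route-based VPN to site A)
set interface tunnel.1 dip 4 192.168.20.250 192.168.20.250

# Same policy as the post, but source-NAT to the DIP pool instead of the egress interface IP.
# After VIP translation the destination is 192.168.10.27, reached via tunnel.1 (Untrust zone),
# so the policy stays Untrust -> Untrust; the source seen at site A is now 192.168.20.250.
set policy id 19 from "Untrust" to "Untrust" "Any" "VIP(untrust)" "HTTP" nat src dip-id 4 permit log

## --- SSG5 (site A) --- assumed, only if the return path is not already in the tunnel

# Return traffic to the DIP address must go back through the VPN, not out of ethernet0/0
set route 192.168.20.250/32 interface tunnel.1

# Check on the NS5gt which policy matched and what the translated source is
get session src-ip 0.0.0.0 dst-port 80
```

The point to verify is the second half: with `nat src dip-id 4` the SSG5 sees a source address that its routing table sends into tunnel.1, rather than X.X.X.57, which it treats as directly connected on its untrust interface. The VoIP traffic through the tunnel is untouched, since the new policy and DIP pool only apply to sessions hitting the VIP.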