Users can not access Mail server (has IP public) via same PPPoE interface
I have a mail server in vlan200; vlan100 is the user VLAN. Vlan200 and vlan100 access the Internet via the PPPoE interface pp0.0. The mail server has a public IP (call it A.A.A.A), which is routed by my ISP. I implemented static NAT on the SRX with public IP A.A.A.A. All packets sent to A.A.A.A are translated to B.B.B.B (the local IP of the mail server).
Outside users and users who are using another PPPoE interface can access the mail server, but users who are using the same interface pp0.0 cannot.
I've attached my network diagram. So what is the trouble with this scenario? Thanks!
Re: Users can not access Mail server (has IP public) via same PPPoE interface
I guess you are using DNS to resolve your mail server to its public IP address, not the private one. So a user on the same pp0 whose destination is 22.214.171.124 will use the default route to your ISP, which will send the traffic back again to your SRX on the same link; that's why the SRX drops the packet.
For any other PP interface, traffic is sent through pp0.4, for example, and comes back again from your ISP on pp0.0, so the SRX forwards the traffic normally, as the packet is received on a different interface.
1- I suggest you add zone trust to the static NAT, so it will be like from zone [ trust untrust ];
so static NAT will be performed on the SRX itself on the LAN side and the packet sent to the mail server directly instead of going to the ISP cloud and returning again to your box.
2- Another solution: if you are using local DNS, add an entry on it for your mail server mapped to the private IP 172.22.0.10, so user traffic will go directly to your mail server without any NATing.
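
The first suggestion in the reply above, written out as Junos set commands. This is an added example, not part of the original posts: the rule-set, rule, address-book and policy names are hypothetical, A.A.A.A is the thread's placeholder for the public IP, and it assumes vlan100 and vlan200 both sit in zone trust.

```junos
# Added example. Names mail-static, mail-in, mail-server and users-to-mail
# are hypothetical. A.A.A.A is the placeholder public IP from the question;
# 172.22.0.10 is the private IP given in the reply.

# Before: the static NAT rule-set is only evaluated for packets that
# enter from zone untrust, so LAN users who resolve the public IP are
# never translated and their packets leave via the default route on pp0.0.
set security nat static rule-set mail-static from zone untrust
set security nat static rule-set mail-static rule mail-in match destination-address A.A.A.A/32
set security nat static rule-set mail-static rule mail-in then static-nat prefix 172.22.0.10/32

# After: evaluate the same rule-set for packets entering from trust as well,
# so the SRX translates A.A.A.A to 172.22.0.10 on the LAN side.
set security nat static rule-set mail-static from zone [ trust untrust ]

# Static NAT is applied before the security policy lookup, so the policy
# must permit the translated (private) destination address.
# Assumption: users and the mail server are both in zone trust.
set security address-book global address mail-server 172.22.0.10/32
set security policies from-zone trust to-zone trust policy users-to-mail match source-address any
set security policies from-zone trust to-zone trust policy users-to-mail match destination-address mail-server
set security policies from-zone trust to-zone trust policy users-to-mail match application junos-smtp
set security policies from-zone trust to-zone trust policy users-to-mail then permit

# Check from operational mode after commit:
#   show security nat static rule all
#   show security flow session destination-prefix 172.22.0.10
```

Keep the permitted applications as narrow as the mail service requires; widening the rule-set to zone trust does not by itself open any ports, the policy does.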