Hi,
I'm running into a nat mess on the netscreen.
where running the latest build of 6.1.
The situation requires us to nat a server for specific flows outbound (using DIP) & inbound (using policy dst-nat) .
a MIP cannot be used as it would translate all traffic, which will break certain flows.
when we configured both the DIP & the policy dst-nat the DIP policies where working but not the dst nat.
In the log you could see:
****** 114826.0: <FW/ethernet0/2> packet received [48]******
ipid = 5353(14e9), @2d6a6110
packet passed sanity check.
ethernet0/2:x.x.x.x/4080->y.y.y.y/80,6<Root>
no session found
flow_first_sanity_check: in <ethernet0/2>, out <N/A>
chose interface ethernet0/2 as incoming nat if.
packet dropped: for self but not interested
Is this kind of configuration supported? A policy dst nat with the same ip of a dip ?
tnx for the replies!