Trouble with routing traffic back to a VPN IP from a NAT host

Hello everyone!

I've run into a problem where our NATed servers fail to send replies to requests that originate from clients connected with our VPN. Requests from outside our network work fine, as well as requests from other parts of our network.

Some details:

We're using an M470.

- Subnet for clients connected via VPN (Mobile VPN with SSL) - Not sure what VLAN
- Subnet for servers - VLAN 200
- Another subnet for servers - VLAN 400
- Public IP of server 1, NAT to
- Public IP of server 2, NAT to
- Public IP for clients connected via VPN

When I connect via our VPN I am assigned IP
I run 'curl' and I receive a timeout, no reply from the server.
I run 'curl' - works fine.

I SSH to server 2 ( and try the same curl commands and they work just fine.

When I check the traffic monitor in the M470 I can see that my 'curl' results are "leaving" our network and are being handled as external requests from to (fair enough, although optimal would be for this to be handled internally). The requests reach the server and with TShark (CLI for Wireshark) I can confirm that the packages look alright and that the server replies.

The replies are being addressed to and transmitted over the opened TCP port (61234 for instance). This port matches the one that appears in the Traffic Monitor as source port for the request from

I can't see the server's replies in the traffic monitor.

If anyone has any suggestions on what to try, or changes to do to get this up and running, these suggestions would be highly appreciated!

Best Regards,
