Trouble with routing traffic back to a VPN IP from a NAT host
I've run into a problem where our NATed servers fail to send replies to requests that originate from clients connected via our VPN. Requests from outside our network work fine, as do requests from other parts of our network.
Some details:
We're using a M470.
192.168.113.0/24 - Subnet for clients connected via VPN (Mobile VPN with SSL) - Not sure what VLAN
192.168.210.0/24 - Subnet for servers - VLAN 200
172.23.0.0/24 - Another subnet for servers - VLAN 400
188.8.131.52 - Public IP of server 1, NAT to 192.168.210.10
184.108.40.206 - Public IP of server 2, NAT to 172.23.0.10
220.127.116.11 - Public IP for clients connected via VPN
When I connect via our VPN I am assigned IP 192.168.113.5.
I run 'curl 18.104.22.168' and I receive a timeout, no reply from the server.
I run 'curl 192.168.210.10' - works fine.
I SSH to server 2 (172.23.0.10) and try the same curl commands and they work just fine.
When I check the traffic monitor in the M470 I can see that my 'curl 22.214.171.124' requests are "leaving" our network and are being handled as external requests from 126.96.36.199 to 188.8.131.52 (fair enough, although it would be optimal for this to be handled internally). The requests reach the server 184.108.40.206, and with TShark (the CLI for Wireshark) I can confirm that the packets look all right and that the server replies.
The replies are addressed to 220.127.116.11 and transmitted over the opened TCP port (61234, for instance). This port matches the one that appears in the Traffic Monitor as the source port for the request from 18.104.22.168.
I can't see the server's replies in the traffic monitor.
If anyone has any suggestions on what to try, or changes to make to get this up and running, they would be highly appreciated!
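The symptom in the post (the VPN client's request to the server's public IP shows up as an external request, the server answers, and the answer never reappears in the traffic monitor) is the classic NAT loopback, or hairpin NAT, problem. The following Python model is an added illustration, not the poster's configuration and not how the M470 is implemented: it mimics a firewall whose NAT state is matched against the interface a packet arrives on. The internal subnets and the server address 192.168.210.10 come from the post; the public addresses (203.0.113.x) and the firewall's own interface addresses are constructed stand-ins. It runs the same request from an external client, from a VPN client without a loopback policy, and from a VPN client with a loopback policy that DNATs to the server and SNATs to the firewall's VLAN 200 address, so the server's reply comes back to the firewall on the same interface and can be reversed in one step.

```python
import ipaddress
from dataclasses import dataclass, replace

# Internal addresses are taken from the post; public and firewall addresses
# are constructed stand-ins (RFC 5737 documentation range), not the real ones.
VPN_NET = ipaddress.ip_network("192.168.113.0/24")     # Mobile VPN with SSL clients
SERVER_NET = ipaddress.ip_network("192.168.210.0/24")  # VLAN 200
SERVER_INTERNAL = "192.168.210.10"                     # server 1 (post)
SERVER_PUBLIC = "203.0.113.10"    # constructed: public IP NATed to server 1
FW_EXTERNAL = "203.0.113.1"       # constructed: firewall's external address
FW_VLAN200 = "192.168.210.1"      # constructed: firewall's address on VLAN 200
CLIENT_PORT = 61234               # ephemeral port quoted in the post


@dataclass(frozen=True)
class Packet:
    iface: str    # interface the firewall receives (or emits) the packet on
    src: str
    sport: int
    dst: str
    dport: int

    def flow(self):
        return (self.src, self.sport, self.dst, self.dport)


def route(dst):
    """Toy routing table: which firewall interface a destination is reached through."""
    ip = ipaddress.ip_address(dst)
    if ip in VPN_NET:
        return "vpn"
    if ip in SERVER_NET:
        return "vlan200"
    return "external"


class ToyFirewall:
    """Stateful NAT whose state is keyed on (expected reply interface, reply 5-tuple).
    A reply arriving on a different interface than recorded is not recognised."""

    def __init__(self, loopback):
        self.loopback = loopback
        self.state = {}

    def _remember(self, out, original):
        # Expect the reply on the interface we are forwarding out of.
        self.state[(route(out.dst), out.dst, out.dport, out.src, out.sport)] = original

    def _reverse(self, pkt):
        orig = self.state.get((pkt.iface, *pkt.flow()))
        if orig is None:
            return None
        out = Packet(route(orig.src), orig.dst, orig.dport, orig.src, orig.sport)
        if out.dst == FW_EXTERNAL:
            # Un-DNATed reply is addressed to our own external IP, so it also needs
            # un-SNATing. That state was recorded against the external interface,
            # but this packet came in on VLAN 200, so the lookup fails.
            return self._reverse(replace(out, iface=pkt.iface))
        return out

    def handle(self, pkt):
        """Translate one packet; return it as forwarded, or None if dropped."""
        out = self._reverse(pkt)
        if out is not None:
            return out
        if pkt.dst in (FW_EXTERNAL, FW_VLAN200):
            return None   # addressed to the firewall but matches no flow: dropped
        if self.loopback and pkt.iface != "external" and pkt.dst == SERVER_PUBLIC:
            # Loopback policy: DNAT to the server and SNAT to our VLAN 200 address.
            out = Packet("vlan200", FW_VLAN200, pkt.sport, SERVER_INTERNAL, pkt.dport)
        elif pkt.iface == "external" and pkt.dst == SERVER_PUBLIC:
            # Inbound static NAT policy, bound to the external interface only.
            out = Packet("vlan200", pkt.src, pkt.sport, SERVER_INTERNAL, pkt.dport)
        elif route(pkt.dst) == "external":
            # Ordinary outbound traffic gets dynamic (source) NAT.
            out = Packet("external", FW_EXTERNAL, pkt.sport, pkt.dst, pkt.dport)
        else:
            return None
        self._remember(out, pkt)
        return out


def simulate(fw, client_ip, client_iface):
    """Run one curl-style request and the server's reply through the firewall."""
    req = Packet(client_iface, client_ip, CLIENT_PORT, SERVER_PUBLIC, 80)
    hop = fw.handle(req)
    if hop is not None and hop.iface == "external" and hop.dst == SERVER_PUBLIC:
        # Request left towards the Internet addressed to our own public IP and
        # comes straight back in on the external interface: the second pass that
        # the traffic monitor shows as an "external" request.
        hop = fw.handle(replace(hop, iface="external"))
    if hop is None or hop.dst != SERVER_INTERNAL:
        return "request dropped"
    reply = Packet("vlan200", SERVER_INTERNAL, 80, hop.src, hop.sport)  # server answers
    back = fw.handle(reply)
    if back is None:
        return "reply dropped at firewall"
    if back.flow() == (SERVER_PUBLIC, 80, client_ip, CLIENT_PORT):
        return "reply delivered"
    return "reply mismatched"


if __name__ == "__main__":
    print("external client, no loopback:", simulate(ToyFirewall(False), "203.0.113.50", "external"))
    print("VPN client, no loopback:     ", simulate(ToyFirewall(False), "192.168.113.5", "vpn"))
    print("VPN client, loopback policy: ", simulate(ToyFirewall(True), "192.168.113.5", "vpn"))
```

The middle case reproduces what the post describes: the VPN client's flow traverses the firewall twice and leaves two unrelated state entries, so the server's reply is un-DNATed but never un-SNATed and is dropped before it would appear in the monitor. The last case is the shape of the usual fix on any stateful firewall: a loopback policy for internal clients that rewrites both the destination (to the server) and the source (to the firewall's own address on the server's VLAN), which keeps the whole exchange on one state entry. Which policy type and NAT action implements that on the M470 is something to confirm in the Fireware documentation rather than from this model.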