Trouble with routing traffic back to a VPN IP from a NAT host

Hello everyone!

I've run into a problem where our NATed servers fail to send replies to requests that originate from clients connected via our VPN. Requests from outside our network work fine, as do requests from other parts of our network.

Some details:

We're using an M470.

192.168.113.0/24 - Subnet for clients connected via VPN (Mobile VPN with SSL) - Not sure what VLAN
192.168.210.0/24 - Subnet for servers - VLAN 200
172.23.0.0/24 - Another subnet for servers - VLAN 400

25.25.25.25 - Public IP of server 1, NAT to 192.168.210.10
30.30.30.30 - Public IP of server 2, NAT to 172.23.0.10
15.15.15.15 - Public IP for clients connected via VPN

When I connect via our VPN I am assigned IP 192.168.113.5.
I run 'curl 25.25.25.25' and I receive a timeout, no reply from the server.
I run 'curl 192.168.210.10' - works fine.

I SSH to server 2 (172.23.0.10) and try the same curl commands and they work just fine.

When I check the traffic monitor in the M470 I can see that my 'curl 25.25.25.25' requests are "leaving" our network and are being handled as external requests from 15.15.15.15 to 25.25.25.25 (fair enough, although optimally this would be handled internally). The requests reach the server 25.25.25.25, and with TShark (the CLI for Wireshark) I can confirm that the packets look alright and that the server replies.

The replies are being addressed to 15.15.15.15 and transmitted over the opened TCP port (61234 for instance). This port matches the one that appears in the Traffic Monitor as the source port for the request from 15.15.15.15.

I can't see the server's replies in the traffic monitor.

If anyone has any suggestions on what to try, or changes to make to get this up and running, they would be highly appreciated!

Best Regards,
Henrik
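A small model of the address rewrite described in the post, as an added example that is not part of the original thread and not WatchGuard code. It writes down the 4-tuple that should be seen at each capture point (VPN client, firewall outside/inside, server) for the addresses given above, and checks whether a captured server reply would match the state the firewall created for the request. The destination port 80 and the firewall's inside address 192.168.210.1 used in the second variant are assumptions; the second variant (firewall also rewriting the source to its own inside address) is a general NAT-loopback arrangement, not something the post says is configured.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    """One direction of a TCP conversation, as a 4-tuple."""
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

    def reverse(self):
        return Flow(self.dst_ip, self.dst_port, self.src_ip, self.src_port)


# Addresses quoted in the post
VPN_PUBLIC = "15.15.15.15"        # public address VPN clients appear from
SERVER1_PUBLIC = "25.25.25.25"    # public IP of server 1
SERVER1_INSIDE = "192.168.210.10" # NAT target of server 1
CLIENT_PORT = 61234               # ephemeral port seen in Traffic Monitor
HTTP = 80                         # assumption: curl to plain HTTP


class StaticNat:
    """Toy stateful DNAT (port forward) with optional source rewrite.

    Entries are keyed by the translated reverse flow, i.e. exactly the
    packet the inside server will send back, so match_reply() answers:
    "if this reply reaches the firewall, can it be un-NATed?"
    """

    def __init__(self):
        self._by_reply = {}

    def forward(self, pkt, inside_ip, snat_ip=None):
        """Translate a packet for the public IP to the inside host."""
        translated = Flow(snat_ip or pkt.src_ip, pkt.src_port, inside_ip, pkt.dst_port)
        self._by_reply[translated.reverse()] = pkt
        return translated

    def match_reply(self, reply):
        """Reverse-translate a server reply, or None if no state matches it."""
        original = self._by_reply.get(reply)
        return None if original is None else original.reverse()


def trace_curl(snat_ip=None):
    """Tuples for 'curl 25.25.25.25' from the VPN, as seen from each hop."""
    nat = StaticNat()
    request = Flow(VPN_PUBLIC, CLIENT_PORT, SERVER1_PUBLIC, HTTP)
    to_server = nat.forward(request, SERVER1_INSIDE, snat_ip)
    server_reply = to_server.reverse()        # what TShark on the server shows
    return {
        "request_outside": request,           # Traffic Monitor, outside side
        "request_to_server": to_server,       # inside side, VLAN 200
        "server_reply": server_reply,
        "reply_to_client": nat.match_reply(server_reply),
    }


def tshark_filter(flow):
    """Display filter matching the flow in both directions at a capture point."""
    return (f"ip.addr=={flow.src_ip} && ip.addr=={flow.dst_ip} && "
            f"tcp.port=={flow.src_port} && tcp.port=={flow.dst_port}")


if __name__ == "__main__":
    for name, flow in trace_curl().items():
        print(f"{name:18} {flow}")
        print(f"{'':18} {tshark_filter(flow)}")
```

Running it prints the reply the server is expected to send (192.168.210.10:80 to 15.15.15.15:61234) next to the translation the firewall would apply if that reply arrived on the interface holding the state; capturing with the printed filter on the server's VLAN and on the firewall shows at which hop the reply disappears.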
