Hi all, I would appreciate some help configuring the following setup on an SRX 340. The IPSec VPN is up and I need to figure out how and where to set up the SNAT.
The basic packet flow is:
10.255.255.10 (client host) → 10.255.255.1 (virtual interface on SRX) → 1.2.3.4 (local VPN Peer public IP) → IPSec VPN over internet → 5.6.7.8 (remote VPN public IP) → … → 10.10.10.1 (remote host)
The remote site is a vendor on Fortinet. The IPSec VPN is up and running. The remote site has advised us to SNAT all our traffic destined for its internal network to make it appear as coming from the 1.2.3.4 public IP.
First of all, I assume this is doable! This is a route-based VPN.
Secondly, our internal 10.255.255 network is in security zone TRUST and st0.1 is in security zone VPN.
I have set up static routes on the SRX for the 10.10.10 remote network to have next-hop st0.1.
Is there a way I can ping the remote endpoint (10.10.10.1) from the SRX itself to see if all is well, before setting up the NAT? Will the SRX route the packet to 10.10.10.1 properly?
If that works, how should I set up the NAT from my internal network to this VPN?
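
The setup described above, sketched as an added example that is not part of the original post: a Junos source NAT rule-set from zone TRUST to zone VPN that translates the internal network to 1.2.3.4 before traffic enters st0.1. The /24 prefix lengths and the names `vendor-snat`, `trust-to-vpn`, `snat-vendor` and `allow-vendor` are assumptions, as is the vendor's tunnel accepting 1.2.3.4/32 as the local selector.

```junos
# Configuration mode. Prefix lengths (/24) and all object names are assumed.

# Pool holding the single address the vendor expects to see as the source.
set security nat source pool vendor-snat address 1.2.3.4/32

# Rule-set keyed on ingress zone TRUST and egress zone VPN (where st0.1 lives).
set security nat source rule-set trust-to-vpn from zone TRUST
set security nat source rule-set trust-to-vpn to zone VPN
set security nat source rule-set trust-to-vpn rule snat-vendor match source-address 10.255.255.0/24
set security nat source rule-set trust-to-vpn rule snat-vendor match destination-address 10.10.10.0/24
set security nat source rule-set trust-to-vpn rule snat-vendor then source-nat pool vendor-snat

# Source NAT is applied after policy lookup, so the policy matches the
# original 10.255.255.0/24 source, not 1.2.3.4. Scope it to the two prefixes
# rather than any/any.
set security address-book global address internal-net 10.255.255.0/24
set security address-book global address vendor-net 10.10.10.0/24
set security policies from-zone TRUST to-zone VPN policy allow-vendor match source-address internal-net
set security policies from-zone TRUST to-zone VPN policy allow-vendor match destination-address vendor-net
set security policies from-zone TRUST to-zone VPN policy allow-vendor match application any
set security policies from-zone TRUST to-zone VPN policy allow-vendor then permit

# Operational mode checks after commit.
# Route lookup: confirm 10.10.10.1 resolves to st0.1.
#   show route 10.10.10.1
# Ping from the SRX, sourced from the TRUST-side address. Traffic originated
# by the SRX does not enter through zone TRUST, so this rule-set does not
# translate it; a reply depends on what the vendor side accepts.
#   ping 10.10.10.1 source 10.255.255.1
# After sending traffic from the client host 10.255.255.10, confirm the rule
# is hit and the session shows 1.2.3.4 as the translated source.
#   show security nat source rule all
#   show security flow session destination-prefix 10.10.10.1
```

If the rule hit counter increments but no return traffic arrives, compare the tunnel's proxy-ID or traffic selectors on both peers against the translated address 1.2.3.4, since a route-based tunnel still negotiates them with a policy-based peer configuration.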