2007-02-20
thebuffman
NAT Ceased Working

Wondering if someone here with good NAT experience can assist me. The setup I am using is configured to do Static Natting without having to manage proxy arp tables. This is how.
  • I have a VPN established with a client.
  • The client accesses multiple servers behind our firewall.
  • The servers each have a publicly assigned address.
  • The firewall automatically translates the server addresses because it bypasses any arp request by using the vpn tunnel direct connection.

Please trust me on this that proxy arp is really not necessary. There was a posting by Northlandboy that really delved into the reason why proxy arp is not necessary but I won't get heavy into that.

Anyhoo all was working until 10 days ago and now the client can no longer connect to our servers. I saw NOTHING in the logs which really alarmed me. I performed a tcpdump to gather information between the two tunnel gateways and did verify that the client's gateway is forwarding packets through to the tunnel to our site but our firewall doesn't seem to know what to do with the packets (there are no drop packets in the logs either...the logs show nothing). I cannot figure out what happened. Just stopped working for no apparent reason. I am on NG AI R55.

I can probably get this working by instituting proxy arp but to do this I will have to create a new virtual network on my firewall's interface and assign it an ip address inside of the subnet I am NATing. I don't want to go through all of this manual trouble.

Any insight?

Last edited by thebuffman; 2007-02-20 at 14:43.