[remoh]

R55 hfa-13 enforcement point.....

Host's real ip = 1.1.1.1
hosts public ip = 192.168.0.1

object created with ip of 192.168.0.1 and the automatic nat tab enabled with a static destination nat of 1.1.1.1

Translate destination on client side enabled

automatic arp enabled


So far, so good.....

Now heres the issue.........

To get splat to arp for anything, it needs a route........automatic arp configured or not, according to various secureknowledge articles this is how it appears...

usually you'd probably use to get to public address go to private address...... Ie route 1.1.1.1 255.255.255.255 192.168.0.1 but splat will only accept routes for reachable networks............even though I've got a route to 192/8 to the next hop router.......

What routes are required to get this to work.........bear in mind that none of the natted hosts are on the same network..


I've seen various variations of this and thus a bit confused...

Cant use manual nat, got 300 objects to nat.....