Edge enterprise vpn and NAT

[Frater]

Hi.

No doubt I have missed something elementary and need a smack and a document reference...

I have my Edge-X box managed by Smartcenter and have it connected in a Site-to-Site VPN to my NGX61 SPLAT box.

When i ping a host on the inside of the Edge box from my office LAN all works fine but when I try in the other direction nothing happens. The Smartcenter log indicates that the Edge WAN interface is trying to ping my internal host thus implying that the VPN tunnel never comes up when initiating traffic from the Edge side.

Looking in the Edge box local config under "My Network" I see that The Lan interface has NAT enabled. If I disable this then the VPN tunnel works and sessions can be initiated in both directions but internet access is dead of course.

Do I have to set up manual NAT rules in smartcenter in order for this to work?

Cheers!

[abusharif]

You disable NAT inside vpn on your community object in the smartcenter.

[Frater]

Very true, I discovered it just myself.
...
Should you or I administer the smacking? =)

[abusharif]

Quote:

Originally Posted by Frater

Very true, I discovered it just myself.
...
Should you or I administer the smacking? =)

I am all in for smacking, bi-directional, its a little fetish thing of mine :)

[Frater]

Sounds like a slightly flagellant keepalive protocol? ;)