We have combined two existing WAN networks; we have done this with 1:1 NAT. So every 10.10.10.0/24 address has a 172.16.10.0 address. This works two ways. Please look at the attached design. There is no option to do it with a standard PAT translation you would use if the VCS Expressway is connected to the internet.
At this moment we cannot get the traversal zone working from the 10.10.10.10 VCS Control to the 172.16.10.10 VCS Expressway.
Is this a correct design or do we need to append a dual network interface option to route the traffic?
I hope you can give me some insight into the problem.
Can you elaborate further on how this NAT setup works? In which direction of traffic is NATing taking place?
The diagram states that "All 10.10.10.0 addresses are natted to 172.16.10.0". The diagram shows the VCS-E with an address of 172.16.10.10 and the VCS-C with an address of 10.10.10.10. If I understand that correctly, wouldn't the VCS-E and VCS-C end up with the same address?
To break things down a bit, could you please answer the following:
- If you ping the VCS-E from the VCS-C, what apparent address would the ping come from as seen on the VCS-E?
- If you ping the VCS-C from the VCS-E, what apparent address would the ping come from as seen on the VCS-C?
- Are 172.16.10.10 and 10.10.10.10 the actual LAN 1 IP addresses of the VCS-E and VCS-C, respectively?
- What IP address have you configured as the peer address on the traversal client zone on the VCS-C, and what is the peer address for the traversal server zone shown as on the VCS-E?
If I ping from the VCS-C, I would ping 10.10.20.10 - by the firewall it will be translated to 172.16.10.10.
If I ping from the VCS-E, I would ping 172.16.20.10 - by the firewall it will be translated to 10.10.10.10.
Your initial post and diagram only describe 10.10.10.0/24 and 172.16.10.0/24, but your latest post also mentions 10.10.20.0/24 and 172.16.20.0/24. Could you please clarify?
Also, does the Expressway require connectivity with public networks/Internet?