I am having trouble getting a destination NAT working for a VPN connection. I am sure it is a simple issue, but I have been banging my head against the wall with it for a couple of days.
I have a domain-based VPN for a site-to-site VPN. The VPN domain is configured and working, as I can bring up the VPN for some other connections that are not using destination NAT. The Interoperable Device is configured with a VPN Domain that includes the "real" and "NAT IP":
The Access Policy is configured for testing to match from a host HTTP traffic with the VPN configured:
The NAT Policy is configured for a destination NAT from NAT_Server (192.168.2.10) to the H_Server (10.191.34.10).
My understanding is that this should map the NAT_Server (192.168.2.10) to the H_Server (10.191.34.10). This does appear to work as I see with "fw monitor" the traffic arriving on the firewall on the expected eth1 and trying to leave on the expected eth3:
The problem is that the packet stops on the outbound chain "o". In the log files I see the message about encryption failure: Different community ID, possible NAT problem (VPN Error code 01)
If someone is able to guide me in the right direction to solve this, it would be much appreciated.