No Ping after DNAT

Hi folks,

I have the following problem:

I have an icinga 2 running in my network and I want it to ping a remote network via S2S.

This does work, but as soon as I create a DNAT with HTTP and HTTPS to my Icinga, it stops working.

What I tried:

Set a permanent route through the IPsec tunnel, made a rule to allow all ICMP traffic, made packet traces (my pings were not even showing up, only the automatic ones from Icinga).

Is there some connection between DNAT and IPsec? Does one exclude the other?

It's my first post here, so please let me know if I missed something.


Edited TAGs
[edited by: emmosophos at 7:07 PM (GMT -7) on 23 Jun 2022]
  • The system route for IPsec simply tells the firewall itself that there is a route for the traffic. This can be needed in case of NAT:

    But your NAT has a traffic selector based on interface. I would recommend trying ANY there instead of Port2.

    Check the Packet Capture as well.