Firewall Cluster login to secondary over IPsec tunnel

We have a series of customers with a firewall cluster but no local server infrastructure.
Their resources are in our datacenter.

There is always an IPsec tunnel from the datacenter to the firewall.

We can always access the firewalls through the IPsec on the LAN and IPsec tunnel IP.
But we cannot access the secondary over the tunnel.

I know that the secondary can only be accessed from its LAN management IP, and this interface has no routing, therefore no default gateway.

I've tried creating a masquerading NAT rule that masquerades my requests for the secondary management LAN IP behind the LAN IP address of the primary.

But this doesn't work.

I can see the packets coming into the primary. I can see them being masqueraded behind the primary LAN IP. But I see no answers coming back from the secondary.

Am I missing something? Theoretically, the moment I masquerade, for the secondary the requests are coming from a LAN IP.
Added TAGs
[edited by: emmosophos at 5:30 PM (GMT -7) on 28 Jun 2024]