Weird NAT ISSUE while trying to use policy routing
I'm trying to configure policy routing on pfsense, i'm close to get it working but… It's not.
A quick diagram :
By default SRV1 use IPSEC connection to reach SRV2.
I want SRV1 to use MPLS instead.
- i created a rule for SRV1 when he needs to reach SRV2 to use MPLS gateway.
- I created a NAT rule when SRV1 reach SRV2 using MPLS link to use IP of MPLS interface.
- I created a rule on FW2 to allow MPLS'S IP of FW2 to reach SRV2.
I though it would be enough and it seems i'm close to it.
I tried with a ping :
- SRV1 send his ping to FW1
- FW1 send the ping to SRV2 with FW1 MPLS IP
- FW2 receive ping from FW1 destination SRV2, packet forwarded
- SRV2 receive the ping and send the reply
- FW2 receive the ping reply and send it to FW1 IP
- FW1 receive the ping reply on MPLS interface
then the trafic stop. FW1 do not forward the packet to SRV1.
The same thing happend if i use TCP (RDP for exemple)
I just ran some test.
I tried the same thing from SRV2 to SRV1 and it's working.
Any idea why it is not working from SRV1 ?