Hope someone can see what I am missing or doing wrong. My scenario is the following: I have an NS5200 running on 6.3.0r25.0. It hangs off my Cisco router via port 2/1 and has an address of xx.xx.176.6/30, where the Cisco is xx.xx.176.5/30. All works fine and I can hit all route IPs both ways. On 2/7 I have a subnet of 192.168.8.1/24 which has connection to all the ILO ports of my servers. The problem is I need to access them from the outside, which means I have to map public IPs to these. My intention is to use a subnet I have, xx.xx.190.xx/24, to do so. As I can't add a secondary subnet to my public interface, I went the following route based on docs I found.
Here is the relevant config:
set interface "ethernet2/1" zone "Untrust"
set interface "ethernet2/7" zone "Trust"
set interface ethernet2/1 ip xx.xx.176.6/30
set interface ethernet2/1 route
set interface ethernet2/7 ip 192.168.8.1/24
set interface ethernet2/7 nat
set address "Trust" "ilo-35" xx.xx.190.35 255.255.255.255
set policy id 6 from "Untrust" to "Trust" "Any" "ilo-35" "ANY" nat dst ip 192.168.8.35 permit log count
set policy id 6
set vrouter "trust-vr"
unset add-default-route
set route 0.0.0.0/0 interface ethernet2/1 gateway xx.xx.176.5
set route 209.0.190.35/32 interface ethernet2/7
Needless to say, it isn't working. So what am I missing? If I look at the counters, I never see the policy being hit, etc.