Hello,
You mentioned:
afif-net wrote:
The reason I'm NATing the src is due to the routing issue from the server side. After creating the VPN, Site B can ping the Site A firewall IP trust zone (10.20.5.27) but can't reach the server IP (10.20.5.7)
At the same time, you want to preserve the actual source-IP for security logging. This is simply a conflict.
The best solution here would be to add a /24 route on the server, for 10.20.4.X/24 with 10.20.5.27 as the gateway. Then, you can remove the NAT, so that server can see the actual 10.20.4.X IP.
The solution proposed by Rushi will also work, but do not use 10.20.5.x/24 for MIP; it will create an IP conflict in Site-A LAN. Use some dummy subnet that is not used in Site-A (10.20.222.1/24??).
But, even this will need a route statement to be added to the server.