I have an MX 250 as a VPN concentrator. It sits behind a firewall and we configured an inbound NAT (destination NAT) rule that matches the public IP of the firewall and port 65002 to be translated to the MX IP and port 65002.
Example: 1.2.3.4:65002 > 10.1.1.100:65002
Then we configured the SD-WAN settings to use the Manual method and set it to the public IP of the firewall and 65002.
I can see new sessions being formed in the firewall using port 65002 but the NAT unfriendly message won't go away.
Questions:
How long does it take for that message to go away?
Is this the correct method of making it go away or did I miss a setting?
Is the only way to make the NAT unfriendly message go away to do a full static 1:1 NAT for the MX?
Thank you.