Device Group using public NAT
Hello,
I need to set up a sync-only Device Group to synchronize the GTM configuration.
My devices are located in two different AWS regions. AWS works using NAT, so the BIG-IPs have private addressing; these addresses are then mapped to AWS public IPs (EC2 Elastic IPs).
I set up device trust under 'Device Management > Device Trust > Peer List'.
I used the public (NAT) IP to retrieve the peer certificate, and it works. The devices are happy with the certificates and the group is formed; however, in 'Device Management > Overview' the peer appliances show as 'Disconnected'.
Using tcpdump I can see the appliances are trying to connect to the private IPs of each peer. Obviously this will not work, because the communication needs to happen over the public IPs.
I tried using iptables to do a DNAT but no luck.
Any advice will be very welcome.
Many thanks,