Different rules depending on SSLVPN user group ?
I'm trying to apply different NAT Rules to users users depending on if they are connected to SSLVPN or not and added to an user group (optionnal but would be useful).
Here is what I want to do :
#1 : If an SSLVPN user (origin = 10.10.xx.xx) added on group "my group" asked public IP 126.96.36.199 (80)
=> Redirect to private IP 188.8.131.52 (80)
#2 : If a public user (origin = any) / no group asked public IP 184.108.40.206 (80)
=> Redirect to private IP 220.127.116.11 (80)
What I did is 2 Access Rules :
#1 : From SSLVPN to DMZ - Source 10.10.xx.xx - Dest 18.104.22.168 (80) - Users Incl. "my group"
#2 : From WAN to DMZ - Source Any - Dest 22.214.171.124 (80)
And 2 NAT Policies :
#1 : Source 10.10.xx.xx - Original Dest 126.96.36.199 - Translated Dest 188.8.131.52
#2 : Source Any - Original Dest 184.108.40.206 - Translated Dest 220.127.116.11
#1 rule and NAT Policy have a lower priority number
But connected or not, everything goes through #2 rule and NAT Policy (0 packet on #1) ).
Does anyone know what I'm doing wrong ?