VPN traffic via NAT rules from WAN -> My Firewall -> Second Firewall
We have a provider that needs to establish a VPN connection, through our firewall, to a cloud provider. Behind our firewall is a Palo Alto that has a VPN policy with a source IP of one of our WAN IPs, a destination IP of the cloud provider, and a shared secret. We provided an available LAN IP for their Mellanox switch. They gave me "firewall instructions" to allow different types of traffic. It looks something like this:
Palo Alto (OUR public IP) -> OUR LAN IP -> Our SonicWall NATs that LAN IP back to the same public IP used on the Palo Alto VPN policy source -> Cloud provider IP
The NAT rules for this VPN are for ICMP, TCP 500, UDP 500, TCP 3978, PING and IPSEC. In Packet Monitor I see very few "forwarded" packets from the LAN IP to the cloud IP. I'm not sure if I've checked all the correct boxes. Do I need to set the cloud IP's address objects as zone VPN, or is host okay? I only have NAT and routing rules; do I need access rules too?
Thank you in advance
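An added example, not code from the poster or from either vendor: a small Python model of the two checks an edge firewall applies to this kind of traffic, an access rule (which zone-to-zone services are permitted) and a source-NAT policy (which public address the peer leaves from), run against the three things an IPsec peer actually sends: IKE on UDP/500, NAT-T on UDP/4500 and ESP as IP protocol 50 (AH would be protocol 51). The addresses, zone names, rule tables and the model's evaluation order (access rule matched on the pre-NAT packet, then NAT, with untranslated traffic leaving from the WAN interface address) are all constructed assumptions for illustration, not the behaviour of any particular product.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Service:
    """A transport protocol plus destination port, or a port-less IP protocol."""
    proto: str                  # "udp", "tcp", "icmp", "esp", "ah"
    port: Optional[int] = None  # None for protocols without ports (ESP, AH, ICMP)

    def matches(self, pkt: "Packet") -> bool:
        return pkt.proto == self.proto and (self.port is None or self.port == pkt.dport)


# What IPsec puts on the wire: IKE on UDP/500, NAT-Traversal on UDP/4500,
# ESP as IP protocol 50 and AH as IP protocol 51 (protocols, not TCP/UDP ports).
IKE, NAT_T, ESP, AH = Service("udp", 500), Service("udp", 4500), Service("esp"), Service("ah")
IPSEC = frozenset({IKE, NAT_T, ESP, AH})


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    dport: Optional[int] = None


@dataclass(frozen=True)
class AccessRule:
    src_zone: str
    dst_zone: str
    services: frozenset
    action: str                 # "allow" or "deny"


@dataclass(frozen=True)
class NatPolicy:
    orig_src: str               # the peer device's LAN address
    orig_dst: str               # the remote VPN gateway
    services: frozenset
    translated_src: str         # the public IP the remote side expects to see


class Firewall:
    """Toy model (assumptions, not any product's logic): zone lookup, then the first
    matching access rule on the pre-NAT packet (no match = drop), then source NAT;
    a packet with no matching NAT policy leaves from the WAN interface address."""

    def __init__(self, zones, access_rules, nat_policies, wan_if_ip):
        self.zones = [(ip_network(net), zone) for net, zone in zones.items()]
        self.access_rules, self.nat_policies, self.wan_if_ip = access_rules, nat_policies, wan_if_ip

    def zone_of(self, ip: str) -> str:
        addr = ip_address(ip)
        for net, zone in self.zones:
            if addr in net:
                return zone
        return "WAN"            # anything outside the known internal networks

    def forward(self, pkt: Packet):
        """Return ("forward", packet_as_sent) or ("drop", reason)."""
        src_zone, dst_zone = self.zone_of(pkt.src), self.zone_of(pkt.dst)
        for rule in self.access_rules:
            if (rule.src_zone, rule.dst_zone) == (src_zone, dst_zone) and any(
                    s.matches(pkt) for s in rule.services):
                if rule.action != "allow":
                    return ("drop", f"denied by {src_zone}->{dst_zone} rule")
                break
        else:
            return ("drop", f"no {src_zone}->{dst_zone} access rule for {pkt.proto}/{pkt.dport}")
        for nat in self.nat_policies:
            if (pkt.src, pkt.dst) == (nat.orig_src, nat.orig_dst) and any(
                    s.matches(pkt) for s in nat.services):
                return ("forward", Packet(nat.translated_src, pkt.dst, pkt.proto, pkt.dport))
        return ("forward", Packet(self.wan_if_ip, pkt.dst, pkt.proto, pkt.dport))


# Constructed addresses (documentation ranges) standing in for the real ones.
LAN_IP = "10.0.0.50"            # LAN address handed to the provider's device
CLOUD_GW = "203.0.113.5"        # cloud provider's VPN gateway
VPN_PUBLIC = "198.51.100.11"    # public IP named as source in the VPN policy
WAN_IF_IP = "198.51.100.10"     # firewall's own WAN interface address
ZONES = {"10.0.0.0/24": "LAN"}


def build_firewall(access_services, nat_services) -> Firewall:
    rules = [AccessRule("LAN", "WAN", frozenset(access_services), "allow")] if access_services else []
    nats = [NatPolicy(LAN_IP, CLOUD_GW, frozenset(nat_services), VPN_PUBLIC)] if nat_services else []
    return Firewall(ZONES, rules, nats, WAN_IF_IP)


def ipsec_probe(fw: Firewall) -> dict:
    """One packet per IPsec component: report the source it leaves with, or 'drop'."""
    probes = {"ike": Packet(LAN_IP, CLOUD_GW, "udp", 500),
              "nat-t": Packet(LAN_IP, CLOUD_GW, "udp", 4500),
              "esp": Packet(LAN_IP, CLOUD_GW, "esp")}
    result = {}
    for name, pkt in probes.items():
        verdict, detail = fw.forward(pkt)
        result[name] = detail.src if verdict == "forward" else "drop"
    return result


def consistent_source(probe: dict, expected: str) -> bool:
    """True only if every component is forwarded and all leave from the expected IP."""
    return all(src == expected for src in probe.values())


if __name__ == "__main__":
    for label, fw in [("access + NAT cover all of IPsec", build_firewall(IPSEC, IPSEC)),
                      ("NAT policy covers IKE only", build_firewall(IPSEC, {IKE})),
                      ("NAT policy but no access rule", build_firewall(set(), IPSEC))]:
        probe = ipsec_probe(fw)
        print(f"{label}: {probe} consistent={consistent_source(probe, VPN_PUBLIC)}")
```

The second case is the one worth watching for in a packet monitor: IKE leaves from the public IP the remote policy expects, but NAT-T and ESP leave from the WAN interface address, so the remote peer sees a source mismatch after the tunnel negotiates. The third case shows that a NAT policy alone forwards nothing in this model; an allow rule for the zone pair and services has to exist as well.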