Azure SMA 500v - tunnel mode (NAT vs Route)
I have an SMA 500v in Azure and I cannot get "route" mode working for users.
As soon as I set this to route mode the users can only get to the SMA X0 IP and nothing else.
I have a very simple setup for testing, and the policies/routing for the groups do not change between setting this to either NAT or route mode, so it is not that.
To keep it simple I put the clients in the same subnet as the X0 on the SMA.
I have an NSv in between the SMA subnet and the NSv subnet, with servers behind the NSv.
Traffic flow is: SMA X0 subnet -> X1 subnet NSv X0 subnet -> Servers
Routing is fine as everything works when I change to NAT mode and the remote clients on the SMA are nat'd to the SMA X0 IP.
Azure route table objects are added to the correct interfaces to move traffic between Azure subnets through the NSv. As noted, the SMA X0 IP can get to everywhere (even a remote subnet on a VPN over a site-to-site on the NSv), and all NSGs allow all traffic from vnet to vnet. When the users are nat'd to the SMA X0 IP it all works fine; when the users are given an IP in the same subnet as the SMA X0 IP and route mode is on, they can only get to the SMA X0 IP and I cannot see the traffic hit the NSv X1 IP.
It looks like the SMA isn't routing the client traffic out when in route mode, as I don't see it on the NSv packet captures.
SMA on latest firmware version 10.2.0.3-24sv