Analyzer and IPsec VPN
I have a working VPN infra already. I'm experiencing an odd scenario and am unsure how to address it. All sites (40) are able to reach my HQ and vice versa. Computers from different sites are able to access HQ local resources. I am aware that, from the HQ FG, in order for me to ping remote sites I have to use ping-options and define the HQ LAN interface. Now I'm introducing a centralized log repository in my HQ using FAZ. I selected a few FGs from my different sites and defined the FAZ private IP in each FG's log settings.
The weird part here is that FAZ can't recognize the remote sites' IP addresses, given the fact that the IP address, SM and routing are properly defined on my FAZ side. The FAZ local IP and the HQ FG are on the same subnet/VLAN. Remote sites are able to ping the FAZ local IP.
The workaround was to DNAT my FAZ using my spare public address, and that IP address was assigned to each FG's log settings.
Any help or advice is much appreciated.