Problem connecting to private service

Happy Friday everyone,

I do have a doubt regarding connection to a private service.

The connection diagram is shown below

In an office, there’s a TP-Link ER605 router, private Subnet, Router private IP, router public IP 200.x.x.x

At the private cloud site there’s a Vyatta VRA 5600 public IP 201.y.y.y and private IPs 10.172.x.65 (VLAN 1) and 10.173.y.72 (VLAN 2).

Deep inside the cloud provider there’s an unknown router with private IP 10.170.x.66 that connects VLAN (2) and an internal service subnet

There’s a static route on Vyatta to and, I am able to ping the private service IP from the VRA.

I am able to ping Vyatta private interfaces from the computers on the office ( but not able to ping the private service.

Any thoughts on how I can get there?

Hi @mraquino,
The “unknown router” needs a route to via 10.173.y.72
Can you show the “unknown router” routing table?

I do not have access to the unknown router, it’s managed by the Cloud provider. I only have access to the Vyatta and the TP-Link routers.

I do know several other users of the private service use the feature but I don’t know what is missing.

OK, then you can use NAT on Vyatta for traffic from to
NAT gives access to private service from private subnet

Would this work?

NAT Rulesets Information

rule intf match translation

100 dp0bond0 from to pinhole dynamic any →

Thanks @Nikolay!

I managed to have it working with your idea
set service nat source rule 100 source address
set service nat source rule 100 translation address masquerade


A command like this could be added (for more accurate NAT work):

set service nat source rule 100 outbound-interface {interface with VLAN2 address}
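
Added example, not part of the thread or of any participant's configuration: a small Python model of the return path, showing why replies to the office PCs are dropped at the provider-managed router and why masquerading behind the Vyatta VLAN 2 address fixes it. All subnets and octets are constructed stand-ins for the values the thread elides, and the far router is assumed to hold only its connected routes.

```python
import ipaddress

# Constructed stand-ins: the thread elides the real subnets and octets.
OFFICE_NET = ipaddress.ip_network("192.168.0.0/24")   # office LAN behind the TP-Link
OFFICE_HOST = ipaddress.ip_address("192.168.0.10")    # a PC in the office
VYATTA_VLAN2 = ipaddress.ip_address("10.173.0.72")    # thread: 10.173.y.72

# Assumption: the provider-managed router knows only its connected networks.
UNKNOWN_ROUTER_ROUTES = {
    ipaddress.ip_network("10.173.0.64/26"): "VLAN2 (connected)",
    ipaddress.ip_network("10.170.0.0/24"): "service subnet (connected)",
}

def lookup(routes, dst):
    """Longest-prefix match; None means no route, so the reply is dropped."""
    hits = [net for net in routes if dst in net]
    return routes[max(hits, key=lambda net: net.prefixlen)] if hits else None

def snat(src, rules):
    """Apply the first matching source-NAT rule (match network, translated address)."""
    for net, translated in rules:
        if src in net:
            return translated
    return src

def reply_path(src, nat_rules=(), routes=UNKNOWN_ROUTER_ROUTES):
    """Return (source address the service sees, route the far router uses to reply)."""
    seen = snat(src, nat_rules)
    return seen, lookup(routes, seen)

# Rule 100 from the thread: masquerade office traffic behind the VLAN2 address.
RULE_100 = [(OFFICE_NET, VYATTA_VLAN2)]

if __name__ == "__main__":
    cases = [
        ("office PC, no NAT", OFFICE_HOST, ()),
        ("ping from the Vyatta", VYATTA_VLAN2, ()),
        ("office PC, rule 100", OFFICE_HOST, RULE_100),
    ]
    for label, src, rules in cases:
        seen, route = reply_path(src, rules)
        print(f"{label:22} src={seen}  reply via: {route or 'NO ROUTE (dropped)'}")
```

Adding an entry for `OFFICE_NET` to the route table models the other fix mentioned in the thread, a return route on the far router via the Vyatta.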