HELP with SSTP deployment

Hi. Need help here. I am having trouble with my SSTP setup. When I set the NAT rule action dst-nat to addresses 10.10.20.6 (SSTP secret remote address), I can't connect to that router. But when I set that address to its caller ID IP, I can connect to it.

Now please pretend that you are another forum member who knows nothing about your configuration and try to understand the description.

After about the 5th reading, my conclusion is that you’ve got one router acting as an SSTP server with a public address and another router that has no public address and acts as an SSTP client, and you want to use port forwarding (dst-nat) on the SSTP server to connect to the client via the SSTP tunnel via the public address of the server.

The fact that it works if you set to-addresses in the action=dst-nat rule to the “external” IP address of the client suggests that you are testing it in a lab where the external address of the client can be reached from the “outside” (i.e. there is no NAT and/or firewall between the client and the server).

In general, the most efficient way to get a useful answer is to export your configuration using a terminal command export hide-sensitive file=some-nice-name, download the file, replace the first two or three bytes of any public IP address in it by something like public.ipA using a “find&replace” capability of your favourite text editor (so that the fact that several public addresses are in the same subnet remains visible), and remove any login names to external services etc. After this anonymization, post the contents of the file as code here (using the </> button above).

Since two routers seem to be involved here, you have to do that for both of them.
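
The IPv4 replacement step described above can be scripted. This is an added example, not part of the original posts: it covers only the address substitution (login names still have to be removed by hand), and the function name, the list of ranges left untouched, and the sample export are assumptions constructed for illustration.

```python
import ipaddress
import re

# Ranges left untouched: unspecified, RFC 1918 private, CGNAT, loopback,
# link-local, and multicast/reserved. Everything else is treated as public.
KEEP = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "100.64.0.0/10", "127.0.0.0/8", "169.254.0.0/16", "224.0.0.0/3")]
IPV4_RE = re.compile(r"(?<![\d.])\d{1,3}(?:\.\d{1,3}){3}(?![\d.])")

# Constructed sample export; 198.51.100.x and 203.0.113.x stand in for public IPs.
SAMPLE_EXPORT = """\
/ip address
add address=198.51.100.10/24 interface=ether1
add address=10.10.20.1/24 interface=bridge
/ip firewall nat
add action=dst-nat chain=dstnat dst-address=198.51.100.10 to-addresses=10.10.20.6
/ip route
add gateway=198.51.100.1
/ip firewall address-list
add address=203.0.113.77 list=mgmt
"""

def anonymize_export(text):
    """Replace the first two octets of each public IPv4 address with a label.

    Addresses sharing those octets get the same label (public.ipA, ...),
    so a shared prefix stays visible. Returns (anonymized_text, {prefix: label}).
    """
    labels = {}

    def repl(match):
        raw = match.group(0)
        try:
            addr = ipaddress.IPv4Address(raw)
        except ValueError:
            return raw            # not a valid IPv4 address, leave as is
        if any(addr in net for net in KEEP):
            return raw            # internal addressing stays readable
        first, second, rest = raw.split(".", 2)
        prefix = f"{first}.{second}"
        if prefix not in labels:
            n = len(labels)
            labels[prefix] = "public.ip" + (chr(65 + n) if n < 26 else str(n))
        return f"{labels[prefix]}.{rest}"

    return IPV4_RE.sub(repl, text), labels

if __name__ == "__main__":
    print(anonymize_export(SAMPLE_EXPORT)[0])
```

The returned mapping contains the real prefixes, so post only the anonymized text and keep the mapping to yourself.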