This behavior seems undesirable. If both VLANs are "inside" to the controller, why must all packets get NAT'd between them? Is there any way around this?
Currently I have two controllers that are connected to each other, and I would like to route between VLANs 1 and 2 without NAT taking place. All three VLANs are marked as NAT inside, but all traffic from end-user VLANs is presented as the closest controller's IP address.
VLAN 10 = 10.1.0.0/16
VLAN 20 = 192.168.20.0/24
VLAN 4090 = 172.16.0.16/29
VLAN10 <---> Controller 1 <----> VLAN 4090 <----> Controller 2 <----> VLAN 20
A ping running from VLAN 20 client 192.168.20.20 destined for VLAN 10 host 10.1.30.17 arrives at the client with the source IP of Controller 1's VLAN 10 interface:
10:00:08.039516 IP 10.1.0.1 > 10.1.30.17: ICMP echo request, id 1, seq 176, length 40
10:00:08.039572 IP 10.1.30.17 > 10.1.0.1: ICMP echo reply, id 1, seq 176, length 40
Any ideas? Maybe a firewall policy that will shove traffic to be NAT'd one way while "internal" traffic does not get NAT'd and is allowed to route? I know other vendors used a "nat outside" statement on external-facing interfaces; kinda wish I had that for the interface I need to NAT out of.
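One way to confirm the symptom described in the post from a packet capture, as an added example that is not part of the original post and not any vendor's tooling: parse tcpdump-style lines taken on the destination VLAN and flag packets whose source address is a controller interface address rather than an address inside one of the end-user VLANs. The subnets come from the post; 10.1.0.1 is taken to be Controller 1's VLAN 10 interface because that is the source seen in the capture, and the sample lines beyond the two quoted in the post are constructed to exercise the check.

```python
import ipaddress
import re

# End-user VLANs from the post. Inter-VLAN traffic between these should keep
# its original client source address if no NAT is applied.
CLIENT_SUBNETS = ["10.1.0.0/16", "192.168.20.0/24"]

# Controller interface addresses. 10.1.0.1 is inferred from the post's capture
# (the source the VLAN 10 host sees); add the other controller interfaces here
# when known (assumption: the post does not list them).
CONTROLLER_ADDRS = ["10.1.0.1"]

# Constructed sample capture: the two lines quoted in the post, plus a second
# echo exchange that arrives un-NAT'd so the check has both cases to look at.
SAMPLE_CAPTURE = """\
10:00:08.039516 IP 10.1.0.1 > 10.1.30.17: ICMP echo request, id 1, seq 176, length 40
10:00:08.039572 IP 10.1.30.17 > 10.1.0.1: ICMP echo reply, id 1, seq 176, length 40
10:00:09.100000 IP 192.168.20.20 > 10.1.30.17: ICMP echo request, id 1, seq 177, length 40
10:00:09.100100 IP 10.1.30.17 > 192.168.20.20: ICMP echo reply, id 1, seq 177, length 40
"""

# tcpdump IPv4 summary line: "<ts> IP <src>[.<port>] > <dst>[.<port>]: <summary>".
# The optional ".<port>" suffix covers TCP/UDP lines; ICMP lines have none.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) IP "
    r"(?P<src>\d+\.\d+\.\d+\.\d+)(?:\.\d+)? > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)(?:\.\d+)?: "
    r"(?P<summary>.*)$"
)


def parse_capture(text):
    """Return one dict per parsable IPv4 line with ts, src, dst and summary."""
    flows = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # non-IPv4 or unrecognised line; ignore it
        flows.append({
            "ts": m["ts"],
            "src": ipaddress.ip_address(m["src"]),
            "dst": ipaddress.ip_address(m["dst"]),
            "summary": m["summary"],
        })
    return flows


def find_translated_sources(flows, client_subnets, controller_addrs):
    """Flag packets headed into a client VLAN whose source is a controller address.

    A packet whose destination lies in an end-user VLAN but whose source is a
    controller interface (not a client address) is the signature of the
    inter-VLAN traffic having been source-NAT'd on the way through.
    """
    nets = [ipaddress.ip_network(n) for n in client_subnets]
    controllers = {ipaddress.ip_address(a) for a in controller_addrs}
    findings = []
    for f in flows:
        dst_is_client = any(f["dst"] in n for n in nets)
        src_is_client = any(f["src"] in n for n in nets) and f["src"] not in controllers
        if dst_is_client and not src_is_client and f["src"] in controllers:
            findings.append(f)
    return findings


if __name__ == "__main__":
    parsed = parse_capture(SAMPLE_CAPTURE)
    for hit in find_translated_sources(parsed, CLIENT_SUBNETS, CONTROLLER_ADDRS):
        print(f"{hit['ts']} {hit['src']} -> {hit['dst']}: source is a controller "
              f"interface, original client address hidden ({hit['summary']})")
```

Run it against a capture taken on the destination VLAN (for example the output of `tcpdump -n icmp` on the 10.1.30.17 host) instead of the constructed sample; every flagged line is a packet whose original client source has been replaced by the controller, which is the behaviour the post is asking how to avoid. Lines that are not flagged show inter-VLAN traffic routing with its client source intact.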