A public IP address is required on the ADN/ProxyClient Concentrator to make this set up work, as the ADN/ProxyClient Concentrator will use that IP on itself to broadcast the Explicit ADN route to another ADN peer, including the ProxyClient.
In a scenario where the ADN/ProxyClient Concentrator only has a private network IP address and the Client is located on a Public Network, the ADN/ProxyClient Concentrator will broadcast a private network and the Client on the Public network has no way of establishing an Explicit ADN tunnel to the ADN/ProxyClient Concentrator IP.
However there is an option to implement this, but it only works if there is no other ADN peer in the internal network. The changes need to be done on the Concentrator for the ProxyClient traffic .
The Firewall which faces the Public Network needs to NAT the "Proxy" Public IP to the Proxy Internal IP.
On the ProxyClient Concentrator
- In the ProxySG Web Management Console select Configuration > ADN > Tunneling > Load Balancing > Explicit > External VIP.
- Specify the public IP on the router which will be NATed back to the Concentrator located in internal network.