VMware Communities
qootec
Contributor

NAT forwarding works unless it comes from behind another NAT?

<< Question is solved. The firewall on L1_SRV2 was explicitly blocking traffic from outside the local LAN. This went unnoticed...>>

Scenario: (see picture for clarification)

  • I have a service hidden away in a guest on server L1_SRV2. The service runs on port 5000.
  • I use VMware's NAT on vmnet8 to port forward the host's port 15000 to this guest's 5000 (and open the right ports in the fw).
  • This all works fine if I access it from a PC on this same LAN, for instance L1_PC.
    It can access the guest's service as 192.168.0.2:15000

Problem:

  • When I try the same through the red path from L2_PC, it fails: timeout on connections.
  • The forwarding seems to work fine, since I can access similar services on LAN2 in the same way.
    Only the service that is hidden behind VMware's NAT seems to fail.

I agree the two address translations (first the NAT on the NAT router, then the RRAS on the L1_SRV) seem overcomplicated, but they come with the current deployment, so there is no easy way to get rid of them.

Any reasons why this fails?

Thanks,

Johan

 

20230110 NAT Issue.png
