Number one thing: Stop using TFTP. Seriously. Don't do it. Especially for firewall configs.
Your problem is the direction of traffic flows. IMC can back up a device using these methods:
- TFTP the backup file *from* the device *to* the server
- FTP the backup file *from* the device *to* the server
- Use SCP to *pull* the file back to IMC from the device. Note that IMC *initiates* that connection
- Use SFTP (same process as #3, but using SFTP)
- Use CLI, where IMC connects to device via either SSH or Telnet, and runs "show run" or equivalent, and captures the output. CLI is the fall-back option.
Different backup adapters use different methods, as obviously it depends on the device. Some adapters have multiple methods they can try. They'll go through those in order until they get one that works. The other relevant item is the file transfer method. You can set that on a global default basis (default TFTP), and you can over-ride it per-device.
You saw the TFTP Server IP Variable in those scripts. By default, IMC will put its own IP in there. If you use NAT between IMC and the device being backed up, you need to put the NAT IP. The 'right' way to do this is in <IMC>/server/conf/qvdm.conf. You set server_nat_ip in there.
So then when IMC goes to back up a device using TFTP, it will tell the device to send the backup to that NAT IP, not the real IP.
However...that's a global setting. So you'd have the same problem as what you've seen where you changed the adapter.
The *much* better fix is to get IMC to use either SCP or CLI to backup the device. That way IMC makes an outbound connection to the device, and NAT won't be a problem for you. I'm assuming you're using the JuniperGeneric adapter. It looks like that has some code for SCP backup, but it is commented out. I don't know why. So you'll want it to use the CLI adapter. One way to force that is to change the file transfer mode for that device to use SCP. Then when the backup runs, it will look for an SCP adapter, see that it doesn't have one, then it will switch to CLI.
(Sorry for the wall of text, but hopefully it explains a bit about what's going on)
