Solved: Detination NAT rules

CPRQ · ‎2021-07-07

Couple of question about destination NAT. Is destination also have hide nat as we can do many source hide behind with one host or dynamic natted to few hosts (pool).
Is the following example will work?

Example #1:

O-Src: 10.0.0.0/8
O-Dst: 10.0.1.0/24
T-Src: 10.0.2.1/32
T-Dst: 192.168.1.0/24
Example #2:
O-Src: 10.0.0.0/8
O-Dst: 10.0.1.1-254 (range)
T-Src: 10.0.2.1/32
T-Dst: 192.168.1-254 (range)
Example #3:
O-Src: 10.0.0.0/8
O-Dst: 10.0.1.0/24
T-Src: 10.0.2.1/32
T-Dst: 192.168.1.1 (hide)

Example #4:
O-Src: 10.0.0.0/8
O-Dst: 10.0.1.0/24
T-Src: 10.0.2.1/32
T-Dst: 192.168.1.1-4 (pool)

PhoneBoy · ‎2021-07-07

You can do many to fewer NAT on a source address.
For a destination, you can only do 1-1 NAT.
Which suggests example 1 and 2 will work, 3 and 4 will not.
You can try to configure this, but you’ll very likely receive an error when you push policy.

View solution in original post

PhoneBoy · ‎2021-07-07

You can do many to fewer NAT on a source address.
For a destination, you can only do 1-1 NAT.
Which suggests example 1 and 2 will work, 3 and 4 will not.
You can try to configure this, but you’ll very likely receive an error when you push policy.

CPRQ · ‎2021-07-07

Thank you.

the_rock · ‎2021-07-07

Dameon is correct. I attached screenshots of what you wanted and error I got.

CPRQ · ‎2021-07-07

Great, thanks for testing.

the_rock · ‎2021-07-07

No worries at all, if you have any other rules you want me to try, happy to do it.

Are you a member of CheckMates?

Detination NAT rules