Traffic from FW takes External IP
Hi,
We need to configure all firewalls in the remote location with centralized NTP. NTP is in HO and we are connecting remote sites only through VPN. Remote firewalls are not able to connect to NTP and not able to ping.
In the tracker we identified that the remote firewall takes its external public IP as the source and is dropped in the HO FW, as only encryption domain IPs are allowed.
The firewall is configured with HO DNS, and nslookup from the remote FWs is resolving with the HO DNS.
All other communication other than nslookup is taking the Public IP to reach HO DNS.
You can also try to set up a NAT rule to make sure that you use the internal interface IP when you access the NTP server, or any of the other services that do not work properly.
It can also be part of the implied rules, of which LDAP, among other things, is one.
No NAT rule is present between encryption domains. Is it mandatory to disable NAT in the community?
sajin,
Maybe you have configured automatic NAT on the firewall object or on the network object?
Disabling NAT in the VPN community is not mandatory, but if enabled, no NAT is done for the connection going through the VPN tunnel, whatever is configured in the NAT rulebase.
Wolfgang.
