sajin
Contributor

Traffic from FW takes External IP

Hi,

We need to configure all firewalls in the remote locations with centralized NTP. The NTP server is in HO and we are connecting remote sites only through VPN. Remote firewalls are not able to connect to NTP and not able to ping it.

In the tracker we identified that the remote firewall takes its external public IP as the source, and the traffic is dropped in the HO FW, as only encryption domain IPs are allowed.

The firewall is configured with the HO DNS, and nslookup from the remote FWs resolves with the HO DNS.

All other communication, other than nslookup, is taking the public IP to reach the HO DNS.

0 Kudos
3 Replies
Maarten_Sjouw
Champion

Try to change the VPN community and set the option "Disable NAT inside the VPN community".
You can also try to set up a NAT rule to make sure that you use the internal interface IP when you access the NTP server, or any of the other services that do not work properly.
It can also be part of the implied rules, of which LDAP, among other things, is one.
Regards, Maarten
0 Kudos
sajin
Contributor

No NAT rule is present between the encryption domains. Is it mandatory to disable NAT in the community?

0 Kudos
Wolfgang
Leader

sajin,

Maybe you have configured automatic NAT on the firewall object or on the network object?

Disabling NAT in the VPN community is not mandatory, but if it is enabled, no NAT is done for connections going through the VPN tunnel, whatever is configured in the NAT rulebase.

Wolfgang.

0 Kudos
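The symptom described in the original post (the remote gateway's own traffic leaving with its public IP and being dropped at HO because only encryption-domain sources are allowed) and the cause Wolfgang points at (NAT applied before the traffic enters the tunnel) can both be checked from the logs. The script below is an added example, not code from this thread or from Check Point: it walks a few constructed, simplified key=value log lines and flags every connection bound for the HO encryption domain whose source address is not inside the remote encryption domain. The network ranges, the log layout and the service names are assumptions made for the example.

```python
"""Audit constructed firewall log lines for tunnel-bound traffic whose
source address lies outside the remote encryption domain.

Added example, not Check Point code. The encryption domains and the
key=value log layout are hypothetical; real tracker output differs.
"""

import ipaddress
from dataclasses import dataclass
from typing import Dict, List

# Assumed encryption domains (constructed for this example).
REMOTE_ENC_DOMAIN = [ipaddress.ip_network("10.20.0.0/16")]
HO_ENC_DOMAIN = [ipaddress.ip_network("10.10.0.0/16")]

# Constructed log lines in a simplified key=value layout (not real tracker output).
# 203.0.113.7 plays the remote gateway's public IP; 10.10.1.5 is the HO NTP
# server and 10.10.1.53 the HO DNS server.
SAMPLE_LOG = """\
time=12:00:01 src=203.0.113.7 dst=10.10.1.5 service=ntp-udp action=drop
time=12:00:02 src=10.20.0.1 dst=10.10.1.53 service=domain-udp action=accept
time=12:00:03 src=203.0.113.7 dst=10.10.1.53 service=domain-tcp action=drop
time=12:00:04 src=203.0.113.7 dst=198.51.100.9 service=https action=accept
"""


@dataclass
class Finding:
    src: str
    dst: str
    service: str
    action: str
    reason: str


def parse_line(line: str) -> Dict[str, str]:
    """Turn 'k=v k=v ...' into a dict; tolerates repeated whitespace."""
    fields: Dict[str, str] = {}
    for token in line.split():
        if "=" in token:
            key, _, value = token.partition("=")
            fields[key] = value
    return fields


def in_domain(ip: str, nets) -> bool:
    """True if the address falls inside any of the given networks."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in nets)


def audit(log_text: str) -> List[Finding]:
    """Flag connections destined for the HO encryption domain whose source is
    not inside the remote encryption domain. Such packets do not match the
    VPN and, as the thread observes, are dropped at HO."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        f = parse_line(raw)
        if "src" not in f or "dst" not in f:
            continue  # malformed line, skip
        if not in_domain(f["dst"], HO_ENC_DOMAIN):
            continue  # not tunnel traffic, out of scope
        if in_domain(f["src"], REMOTE_ENC_DOMAIN):
            continue  # source inside the encryption domain: expected
        findings.append(Finding(
            src=f["src"],
            dst=f["dst"],
            service=f.get("service", "?"),
            action=f.get("action", "?"),
            reason=("source outside remote encryption domain; check for "
                    "automatic NAT on the gateway or network object, or "
                    "set 'Disable NAT inside the VPN community'"),
        ))
    return findings


def services_affected(findings: List[Finding]) -> List[str]:
    """Distinct services hit, in first-seen order, for a quick summary."""
    seen: List[str] = []
    for fnd in findings:
        if fnd.service not in seen:
            seen.append(fnd.service)
    return seen


if __name__ == "__main__":
    for fnd in audit(SAMPLE_LOG):
        print(f"{fnd.src} -> {fnd.dst} {fnd.service} ({fnd.action}): {fnd.reason}")
```

On the constructed sample the NTP and DNS-over-TCP connections are flagged because they leave with the public address, while the UDP DNS lookup that sourced from the internal address passes, which matches the "nslookup works, everything else fails" pattern in the question. The HTTPS line is ignored since its destination is not behind the tunnel.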