eliaskoudounas
Explorer

CGNAT Is not working on secondary WAN interface

Greetings,

I came across a problem on a current installation with an SMB device. More precisely:

Quantum Spark 1600 Appliance version R81.10.10 (996002945).

There are two WAN interfaces, one on DMZ with IP x.x.x.x/28 and the other on the WAN interface with IP y.y.y.y.y/31.

The SD-WAN functionality is active and traffic from internal clients can be redirected based on policy, protocols, etc., and that supports some core functionality for the network (traffic shaping).

The problem is on NATting service outside the LAN.

While using the DMZ interface with the gateway IP on the network x.x.x.x/28, which includes IPs provided by the ISP on the same range x.x.x.x/28, everything is working as expected.

When using the WAN interface, whose gateway IP is on this network y.y.y.y.y/31, the provided IPs from the other ISP are on another network z.z.z.z/30, and the NAT rules don't seem to work despite giving the internal client the SD-WAN policy to use routes from the second interface y.y.y.y.y/31. Also, I followed this guidance https://support.checkpoint.com/results/sk/sk114531 to configure proxy ARP for all the networks with the according MAC address of the interfaces, and nothing seems to work.

The only way that the NAT worked was when a static rule on the routing table was created and configured with the next hop on the secondary interface. Here is an example:

Any | internal-client/32 | Any | Secondary (WAN) | 0 | Static(PBR) | 60

 

Has anyone had a similar situation on an SMB appliance? The problem is that this solution does not fit when you need to configure many internal servers and need to add static routing for each one.

 

2 Replies
AkosBakos
Leader

Hi @eliaskoudounas 

The /31 mask is strange. It contains only a network address and a broadcast address. No usable IPs (hosts) are in this subnet.

IP Address: 10.0.1.0
Network Address: 10.0.1.0
Usable Host IP Range: NA
Broadcast Address: 10.0.1.1
Total Number of Hosts: 2
Number of Usable Hosts: 0
Subnet Mask: 255.255.255.254

 

Akos

----------------
\m/_(>_<)_\m/
eliaskoudounas
Explorer

Hello,

Thank you for your time.

The ISP provided me with this network; in our example it will be something like this:

IP Address: 172.132.125.32
Network Address: 172.28.125.32/31
Usable Host IP Range: 172.132.125.32
Broadcast Address: 172.132.125.33
Total Number of Hosts: 2
Number of Usable Hosts: 1
Subnet Mask: 255.255.255.254

 

The second ISP internet connection is currently active and working, thus routing internal traffic, and NAT is also accessible when I enable the static route.
