Hello,
is auto hide NAT possible for the FW IP (external interface of course) in VSX configuration?
Specifically, we have an Edge Firewall (Virtual System) with two interfaces (internal and external). Both interfaces are directly connected to a border router (Cisco 6800).
[Expert@lntfw-pgtw2:4]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.196.0 0.0.0.0 255.255.255.240 U 0 0 0 bond2.997
192.168.196.16 0.0.0.0 255.255.255.240 U 0 0 0 bond2.998
10.100.98.0 0.0.0.0 255.255.255.0 UD 0 0 0 bond2.998
10.100.97.0 0.0.0.0 255.255.255.0 UD 0 0 0 bond2.997
x.x.0.0 10.100.97.1 255.255.0.0 UGD 0 0 0 bond2.997
0.0.0.0 10.100.98.1 0.0.0.0 UGD 0 0 0 bond2.998
Since the external interface has a private IP (10.100.98.101), the VS can't go to the Internet. So, I'd like to add a hide NAT (with one of our public IPs) to the 10.100.98.101 IP address. I already tried these two methods:
- Created an object with IP 10.100.98.101 and set the option "NAT --> Add automatic address translation rules --> Hide behind IP address" (with public IP).
- Created an object with IP 10.100.98.101 (let's call it Priv) and another object with public IP (let's call Pub). Then I added the object Priv in "Original Source" and the object Pub in "Translated Source".
Unfortunately, I didn't have success... both methods didn't work. Tcpdump shows always 10.100.98.101 as source if I try to ping or telnet some destination. So, since I read here this mechanism is feasible, I'm worndering if that is the same in VSX environments...
Thanks,
Francesco