tropicanaslim
Contributor

Manual NAT - Port Address Translation

Hi All,

Right now I have an issue when configuring Manual NAT using Port Address Translation.

For example:

  • <DNAT>  R81
    • Original: Any
    • Destination: x.x.x.x (public IP)
    • Original Service: 8443
    • Translate Source: Original
    • Translate Dest: z.z.z.z (local IP)
    • Translate Service: 443

However, the apps still can't be accessed publicly. I read some docs; do I need to configure ARP? But I am confused about how to set up the ARP.

Is it mandatory to configure ARP for Manual NAT? Or any idea how to configure Manual NAT without setting up ARP?

 

Thank you everyone.

Vladimir
Champion

Is the public IP, in your case, the IP of your firewall's external interface, or another address from your public IP range?

If it is the IP address of the firewall's interface, no manual ARP entry is required.

...but you still need to add another rule below yours, to ensure that the responses from Original Service 443 are translated to Service 8443.

If it is another address from the same public network, in addition to these two rules, you'll need manual ARP.

To do that, in Global Properties | NAT, check "Merge manual proxy ARP configuration" and click OK.

Publish changes and install the policy.

After the policy is installed, SSH into the gateway and execute the following commands:

add arp proxy ipv4-address AAA.AAA.AAA.AAA interface ethX real-ipv4-address XXX.XXX.XXX.XXX

save config

 

Where AAA.AAA.AAA.AAA is the public IP address you are using for that host, ethX is your External Interface and XXX.XXX.XXX.XXX is the IP address assigned to your External Interface.
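
The decision described in the reply above, as an added example that is not part of the original post: a small Python helper that checks where the NAT public IP sits relative to the external interface and, when proxy ARP is needed, fills in the command template from the reply. The function name and the 203.0.113.0/24 addresses are constructed for illustration.

```python
import ipaddress


def proxy_arp_plan(public_ip, ext_if_cidr, ext_if_name):
    """Return (needs_proxy_arp, commands) for a manual NAT public address.

    public_ip    -- address used as the NAT rule's original destination
    ext_if_cidr  -- external interface address with prefix, e.g. "203.0.113.1/24"
    ext_if_name  -- external interface name, e.g. "eth0"
    """
    iface = ipaddress.ip_interface(ext_if_cidr)
    pub = ipaddress.ip_address(public_ip)
    net = iface.network

    # Case 1 from the reply: the public IP is the firewall's own interface
    # address, so the gateway already answers ARP for it.
    if pub == iface.ip:
        return False, []

    # The reply only covers addresses on the external interface's network.
    # Anything else is left to the operator rather than guessed here.
    if pub not in net:
        raise ValueError(f"{pub} is not in {net}; case not covered by the reply")

    # Network and broadcast addresses cannot be used as a host address.
    if net.prefixlen < 31 and pub in (net.network_address, net.broadcast_address):
        raise ValueError(f"{pub} is the network or broadcast address of {net}")

    # Case 2 from the reply: another address on the same public network.
    # Requires "Merge manual proxy ARP configuration" enabled and policy
    # installed before these commands are run on the gateway.
    cmd = (
        f"add arp proxy ipv4-address {pub} "
        f"interface {ext_if_name} real-ipv4-address {iface.ip}"
    )
    return True, [cmd, "save config"]


if __name__ == "__main__":
    # Constructed sample values (documentation address range).
    for ip in ("203.0.113.1", "203.0.113.10"):
        needed, cmds = proxy_arp_plan(ip, "203.0.113.1/24", "eth0")
        print(ip, "-> proxy ARP needed:", needed)
        for c in cmds:
            print("   ", c)
```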

MtxMan
Contributor

Hi @Vladimir 

Recently I had an issue with this: I need to NAT using an IPsec interface. Is it possible? The peer side doesn't want to add any routing, so I tried to NAT but was still unsuccessful. I think I have a problem with manual NAT.

 
