Manual Static NAT question

I would really appreciate it if someone could help me clarify the following issue.


Say that I have a site-to-site VPN. Traffic is initiated from the remote site. I would like to hide my internal server IPs behind a NAT subnet, let's call it NAT_Internal.

Because I want my internal servers to still have internet access, I suppose that I need to create manual static NAT rules. The question is... do I need to create bidirectional manual static rules or just one direction, depending on who initiates the traffic?

Example of rules:

Rule 1:
  Original source: Real_inside_IP
  Original destination: Remote_subnet
  Translated source: NAT_subnet_IP
  Translated destination: Original

Rule 2:
  Original source: Remote_subnet
  Original destination: NAT_subnet_IP
  Translated source: Original
  Translated destination: Real_Inside_IP

The traffic will be initiated from the remote site. So are both rules needed?

My other question is whether the policy access rules should contain the NATed IPs or the real IPs.


Thank you in advance!
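Because the question turns on which direction a manual NAT rule matches, here is a small added Python model of how a stateful firewall applies unidirectional manual static NAT rules together with a connection table. It is not code from the post and not any vendor's implementation; the subnets, addresses and rule names are constructed for illustration, the rule layout mirrors the Original/Translated columns above, and the model tracks only source and destination IPs (no ports, no interface pair). It assumes a manual static rule matches only the packet that opens a connection, which is platform-dependent: some firewalls treat a static rule as bidirectional, so check the vendor's documentation before relying on it.

```python
"""Toy stateful NAT model (added example, not a vendor implementation).

Assumptions (all constructed for this example):
  * a NatRule matches only connection-opening packets in one direction;
  * replies are translated back from the connection table, as stateful
    firewalls generally do, so no reverse rule is needed for reply traffic;
  * connections are keyed on source/destination IP only (real firewalls
    key on the full 5-tuple and on the interface pair).
"""
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str


@dataclass(frozen=True)
class NatRule:
    """One unidirectional manual static NAT rule (Original -> Translated)."""
    orig_src: str            # CIDR the packet source must fall in
    orig_dst: str            # CIDR the packet destination must fall in
    xlat_src: Optional[str]  # CIDR to map the source into 1:1, None = unchanged
    xlat_dst: Optional[str]  # CIDR to map the destination into 1:1, None = unchanged


def map_static(addr: str, from_cidr: str, to_cidr: str) -> str:
    """1:1 static translation: keep the host offset, swap the network prefix."""
    from_net, to_net = ip_network(from_cidr), ip_network(to_cidr)
    offset = int(ip_address(addr)) - int(from_net.network_address)
    return str(ip_address(int(to_net.network_address) + offset))


@dataclass
class StatefulNat:
    rules: list
    # connection table: (orig_src, orig_dst) -> (xlat_src, xlat_dst)
    conns: dict = field(default_factory=dict)

    def translate(self, pkt: Packet):
        """Return (translated packet, what translated it)."""
        # 1. Existing connection, same direction as the opening packet.
        if (pkt.src, pkt.dst) in self.conns:
            xs, xd = self.conns[(pkt.src, pkt.dst)]
            return Packet(xs, xd), "state"
        # 2. Reply to an existing connection: undo the translation, no rule needed.
        for (os_, od), (xs, xd) in self.conns.items():
            if (pkt.src, pkt.dst) == (xd, xs):
                return Packet(od, os_), "state-reply"
        # 3. New connection: first matching (unidirectional) rule wins.
        for r in self.rules:
            if (ip_address(pkt.src) in ip_network(r.orig_src)
                    and ip_address(pkt.dst) in ip_network(r.orig_dst)):
                xs = map_static(pkt.src, r.orig_src, r.xlat_src) if r.xlat_src else pkt.src
                xd = map_static(pkt.dst, r.orig_dst, r.xlat_dst) if r.xlat_dst else pkt.dst
                self.conns[(pkt.src, pkt.dst)] = (xs, xd)
                return Packet(xs, xd), "rule"
        # 4. No rule matched: forwarded untranslated, real address exposed.
        return pkt, "none"


# Constructed subnets standing in for Real_Inside_IP, NAT_Internal, Remote_subnet.
REAL_INSIDE = "10.1.1.0/24"
NAT_INTERNAL = "192.168.50.0/24"
REMOTE = "172.16.0.0/24"

# Rule 2 from the post: remote opens to the NAT address, destination is un-hidden.
REMOTE_INITIATED = NatRule(REMOTE, NAT_INTERNAL, None, REAL_INSIDE)
# Rule 1 from the post: inside opens to the remote subnet, source is hidden.
INSIDE_INITIATED = NatRule(REAL_INSIDE, REMOTE, NAT_INTERNAL, None)


def run_demo(rules):
    """Push three constructed packets through a fresh firewall and collect results."""
    fw = StatefulNat(list(rules))
    flows = [
        Packet("172.16.0.5", "192.168.50.10"),  # remote opens a connection to the NAT address
        Packet("10.1.1.10", "172.16.0.5"),      # the server replies from its real address
        Packet("10.1.1.10", "172.16.0.7"),      # the server opens a NEW connection outbound
    ]
    return [(pkt,) + fw.translate(pkt) for pkt in flows]


if __name__ == "__main__":
    for label, rules in (("only remote-initiated rule", [REMOTE_INITIATED]),
                         ("both rules", [REMOTE_INITIATED, INSIDE_INITIATED])):
        print(label)
        for pkt, out, how in run_demo(rules):
            print(f"  {pkt.src} -> {pkt.dst}  becomes  {out.src} -> {out.dst}  ({how})")
```

With only the remote-initiated rule, the server's reply is translated back to the NAT address from the connection table ("state-reply"), so no second rule is needed for reply traffic; but a connection the server opens itself matches nothing ("none") and leaves with the real address. Adding the inside-initiated rule covers that case. Whether the access policy is matched on pre-NAT or post-NAT addresses is likewise platform-dependent and is not modelled here.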

