Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Explorer

NAT with Multiple external interfaces

I currently have CP 12600 firewall with an external interface to internet and internal interface. We have  NAT defined for all external flows. I want to create another external interface that will receive dynamic routes via BGP . I also want to assign a NAT pool to SNAT all flows sent via this interface. The challenge I have is how do I define this NAT when the destination ranges are dynamic and unknown ? My existing NAT from internal to external internet has 'any' for destination ranges which will overlap with any new NAT rules that can create. 
In summary,
a.how do I define NAT pool to SNAT all traffic send via the new interface ?
b. if there are overlapping NAT statements will CP check outgoing interface based on routing before deciding the NAT statement to use ? or will it process on the basis of order of NAT statements ? 

0 Kudos
Reply
3 Replies
Advisor

Well, do you want to use ECMP ( which should be enabled by default ) to load balance the traffic or just move all traffic to the new interface ?

If you want to move it to the new one, just change the nexthop for the default route and modify NAT table accordingly.

Otherwise, just add another default route with the nexthop and add another rule with dst any ( haven't tested, but should work ).

 

0 Kudos
Reply
Explorer

Hi -The current internet interface will be the one used by default;however, I want routes received via BGP on the new interface to be NAT’d using a separate pool of IP addresses. As I don’t know what these addresses are beforehand , how will I define the NAT? 

0 Kudos
Reply
Advisor

The best way, in my opinion, to wait and see the BGP peer come up and the routes for it, then create a dynamic object or network group and the do the NAT-ing.

0 Kudos
Reply