cp_lfr
Explorer

VSX - NAT Configuration

Good morning, 

nice to meet you.

It's the first time I have configured VSX, and with humility, I say I'm having problems configuring the NAT rules.

As you can see, we deployed two VSs (one Internal and one External).

We would like to simplify as much as possible the NAT rules.

 

For example, we tried to NAT management network (Static NAT rule) behind Public IP, but it does not work.

Any suggestions about how and where (which VS) to configure NAT rules in the easiest way, to see fewer logs in the SmartDashboard, are really appreciated (maybe with some examples).

Is there something wrong? I am really grateful to you.

Thanks, best regards.

 

0 Kudos
10 Replies
AlekzNet
Contributor

Just a quick suggestion:

> we tried to NAT management network (Static NAT rule) behind Public IP, but it does not work.

This is your idea:

- Real SRC:  mgmt network
- Real DST: Any
- Translated Source:  the external IP of the firewall (so you configure a dynamic PAT, or "hidden", not "static")
- Translated DST: = (the same as the real DST)

You can use the "hide the traffic behind the external IP", but personally, I prefer an explicit manual NAT rule.

 

0 Kudos
cp_lfr
Explorer

Hello, I posted all screenshots, but I am lost on this configuration 😅, any suggestion about configuration?

0 Kudos
the_rock
Legend

Do you have screenshot of how rules are configured?

0 Kudos
AlekzNet
Contributor

It was attached, and now it's deleted. The NAT rule on the screenshot was a static one from, for example, Net1 to Net1. Hence my note about PAT to the external iface.

0 Kudos
cp_lfr
Explorer

Hello, so, I posted all screenshots!

0 Kudos
Jarvis_Lin
Collaborator

When using manual NAT, ensure that Proxy ARP is properly configured and that the "Merge manual proxy ARP configuration" option is selected in the Global Properties under NAT settings.

0 Kudos
cp_lfr
Explorer

Hello, as you can see I posted screenshots.

In case, which IP address do I need to use as a proxy ARP?

0 Kudos
AlekzNet
Contributor

For outgoing PAT (to the external IP of the firewall/cluster) you do not need proxy ARP.

0 Kudos
cp_lfr
Explorer

Hi everyone,

so, in the end, today I simply created an automatic NAT rule (Object and then NAT, Hide Behind the Gateway).

There is NAT on External VSX (enabled NAT, Hide behind the Gateway).

I think at the moment it is the best solution!

0 Kudos
