AnsweredAssumed Answered

Hide NAT issues with virtual addresses

Question asked by Ilmo Anttonen on Nov 8, 2018
Latest reply on Nov 8, 2018 by Ilmo Anttonen

Hi,

In a scenario where I have a lets say /29 routable network and I use one of the addresses for my Internet interface. Behind this address I hide most of my Internal networks, which works just fine. Then I want to hide my guest network behind one of the remaining addresses. Or maybe a SIP server because my ISP want's my SIP traffic on it's own IP address. I want to use hide method so that I can hide more objects behind that address in the future

So, I either make a manual entry like:

 

 

Src addrDst addrServiceXlate SrcXlate Dst

Xlate Service

RFC1918-serversome-server-on-the-Internet5060(H)One-of-my-ext-addrOriginalOriginal
RFC1918-Guest_netanyany(H)One-of-my-ext-addrOriginalOriginal

 

Or I can select hide behind one of my external addresses on the network/host object.


I make sure these NAT rules come before any automatic or other rules that would affect the result and my gateway is not hiding these addresses. I have also made sure the ARP boxes are ticked under global properties NAT section. My Internet interface IP address is defined with the /29 mask. If i type 'route' in the cli the network is in the table.

If I hide these hosts behind the gateway address it all works. 
Where do I look?

 

I am asking because I recently found this problem at two of my clients and I haven't figured it out yet. The affected environments are R80.20M1 Mgmt + R80.10 GW and full R80.20.

 

/ Ilmo

Outcomes