
SNAT not working, return traffic still goes to the original IP (H.323 packets)

Hello,

I'm trying to figure out the following: we have an Avaya office PBX at an external location, and between us and that location there is an IP-VPN connection. Between the router building the IP-VPN tunnel and the phone we have a Sophos UTM 9. The Avaya office PBX only accepts connections from network A, so I created an SNAT to change the IP of the phone from B to A. This seems to work; the only problem is that the Avaya office PBX wants to send traffic back to the original IP B. There is still something hanging inside the H.323 packet with the original IP.

Any ideas?

Thanks.



  • Hi, Werner, and welcome to the UTM Community!

    I can't see any way to do this.  I think you need to get the Avaya PBX to accept packets from network B.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Possible cause: That behavior is known to happen if you turn on Network Protection > VoIP > SIP Protocol Support. That subsystem gets the first crack at the packets before SNAT and basically makes SNAT work incompletely. If you have that on, turn it off and set up all your SNAT/DNAT rules by hand and it will then work as expected.

  • It sounds like the SNAT is working, but that a Full NAT is needed.  There is no 1-to-1 Full NAT that can handle all of the phone IPs, so a separate Full NAT would be required for each phone - probably in each direction.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • After my reseller had some contact with Avaya, they came to the discovery that the problem was at the Avaya PBX side. After they changed something, the NAT rules were working fine.

    Thanks for all the effort.