
SNAT Confirmation?

We have a physical interface on a UTM330 172.1.1.1/30

It is connected to a router (172.1.1.2/30) and this router has x amount of clients (let's call them Y clients) behind it that are natted (so everything appears to come from 172.1.1.2)

Our physical interface then has to route to another network (192.168.5.0/24) and a static route has been entered.

The UTM has an interface address of 192.168.5.6/24 and we have an additional interface on the UTM 192.168.5.4/24

So, we need anything coming from (Y Clients) to SNAT to 192.168.5.4/24 and a corresponding DNAT for traffic hitting 192.168.5.4/24

I have the following:

SNAT:

Traffic from: 172.1.1.2
Using: ANY
Going to: ANY

Change Destination to: 192.168.5.4

DNAT:

Traffic from: ANY
Using: ANY
Going to: 192.168.5.4

Change destination to: 172.1.1.2

Something is not quite right here, and you know when your head spins a little so you have to take that step back. So I'm just looking for confirmation that my SNAT/DNAT is fine.

Cheers,

Louis

  • Louis, if you have admin rights on the Ciscos, why not just create routes instead of using NAT? Even then, I think you would need routes in the UTM. I would use Masquerading instead of SNATs. I can't imagine that the DNAT would do what you want.

    Which interfaces have default gateways?

    Cheers - Bob

    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • I don't have access to the Ciscos, unfortunately. The routes etc. are in, and other interfaces (not shown) have the IPv4 default gateway.

    It does work, but it's temperamental, e.g. it takes its time with the connection coming up. The two Ciscos create a GRE tunnel between themselves once the link is up.

    Is there any advantage to using a masquerade over an SNAT?
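The SNAT/DNAT pair from the original post and the masquerading question above, as an added example that is not UTM configuration and not from anyone in the thread: a small Python simulation of stateful NAT. It assumes an SNAT rewrites the packet's source address, that replies to a tracked connection are translated back by connection tracking without needing a DNAT rule, and that masquerading uses the egress interface's current address instead of a fixed one; the 172.1.1.x and 192.168.5.4/.6 addresses are the thread's, the 192.168.5.10/.20 peers are constructed.

```python
from dataclasses import dataclass, replace
from typing import Dict, Tuple

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    out_if: str  # address of the UTM interface the packet leaves on

# Rules from the thread. An SNAT rewrites the *source*; the DNAT rewrites the destination.
SNAT_RULES = [("172.1.1.2", "192.168.5.4")]   # match src -> new src
DNAT_RULES = [("192.168.5.4", "172.1.1.2")]   # match dst -> new dst

class NatTable:
    """Toy stateful NAT: rule lookup plus a conntrack-style reverse mapping."""

    def __init__(self, mode: str = "snat") -> None:
        self.mode = mode                       # "snat" or "masquerade"
        self.conntrack: Dict[Tuple[str, str], str] = {}  # (peer, nat_addr) -> original src

    def outbound(self, pkt: Packet) -> Packet:
        new_src = pkt.src
        if self.mode == "masquerade":
            new_src = pkt.out_if               # whatever the egress interface holds right now
        else:
            for match, new in SNAT_RULES:
                if pkt.src == match:
                    new_src = new
        # remember the translation so replies are undone without any DNAT rule
        self.conntrack[(pkt.dst, new_src)] = pkt.src
        return replace(pkt, src=new_src)

    def inbound(self, pkt: Packet) -> Packet:
        key = (pkt.src, pkt.dst)
        if key in self.conntrack:              # reply to a tracked connection
            return replace(pkt, dst=self.conntrack[key])
        for match, new in DNAT_RULES:          # brand-new inbound connection
            if pkt.dst == match:
                return replace(pkt, dst=new)
        return pkt

def demo(mode: str) -> Tuple[Packet, Packet, Packet]:
    """Constructed traffic: a Y-client flow out, its reply, and a fresh inbound connection."""
    nat = NatTable(mode)
    out = nat.outbound(Packet("172.1.1.2", "192.168.5.10", out_if="192.168.5.6"))
    reply = nat.inbound(Packet("192.168.5.10", out.src, out_if="172.1.1.1"))
    fresh = nat.inbound(Packet("192.168.5.20", "192.168.5.4", out_if="172.1.1.1"))
    return out, reply, fresh
```

Running `demo("snat")` and `demo("masquerade")` shows the difference the question asks about: the SNAT always stamps 192.168.5.4 on outbound traffic, while masquerading follows the egress interface's address (192.168.5.6 here), and in both modes the reply reaches 172.1.1.2 via connection tracking while only the fresh inbound connection depends on the DNAT rule.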