Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

NAT Inside Interface to OutSide Interface

Good Evening, I am running 3CX.  My internal network is 172.16.10.0/24, but external is 192.168.0.0/24.  I need to NAT 172.16.10.14/24 port 5001 to 192.168.0.50.  I was able to get 192.168.0.50 active however it was only taking me to my XG for signin vs actually NAT'ing my internal device.  Please help



This thread was automatically locked due to age.
Parents
  • Correct, 3cx is internal, I have 4 dell servers in my lab, I have 3cx running on debian internally.  I have to NAT that internal to external and open up port 5001, that way I can connect into their cloud service as well as hook it into Office 365 externally.  I would do a port translation on my edge router.

     

    Basically I have a router, (internet provider), connected to a dude router, on the dude router I have my external interface for my firewall and one other device, this allows me to physically connect other devices in a dmz that I don't want to use the firewall for.  I just need to NAT it externally the cloud 3cx side to hook into it

Reply
  • Correct, 3cx is internal, I have 4 dell servers in my lab, I have 3cx running on debian internally.  I have to NAT that internal to external and open up port 5001, that way I can connect into their cloud service as well as hook it into Office 365 externally.  I would do a port translation on my edge router.

     

    Basically I have a router, (internet provider), connected to a dude router, on the dude router I have my external interface for my firewall and one other device, this allows me to physically connect other devices in a dmz that I don't want to use the firewall for.  I just need to NAT it externally the cloud 3cx side to hook into it

Children
  • Hi Stephen,

    a better way to achieve what you are after is the following firewall rule.

    LAN - > 3CX(IP address) -> WAN -> dude router (IP address) - > 5001 -> allow -> log.

    You will not need a NAT between the 172 and the 192 address networks.

    You will more than likely run into debugging issues with the VoIP because VoIP does not like double NAT which I assume you will have with your dud router and your ISP router?

    Ian

    XG115W - v20.0.2 MR-2 - Home

    XG on VM 8 - v21 GA

    If a post solves your question please use the 'Verify Answer' button.