NAT Inside Interface to OutSide Interface

Good evening, I am running 3CX. My internal network is 172.16.10.0/24, but external is 192.168.0.0/24. I need to NAT 172.16.10.14/24 port 5001 to 192.168.0.50. I was able to get 192.168.0.50 active; however, it was only taking me to my XG for sign-in vs. actually NAT'ing my internal device. Please help.



This thread was automatically locked due to age.
  • Hi,

    please your firewall rule.

    Your firewall should look like any - internal network -> any -> external network -> service port 5001 -> allow -> log

    You will not need MASQ.

    Ian

    XG115W - v20.0.3 MR-3 - Home

    XG on VM 8 - v21 GA

    If a post solves your question please use the 'Verify Answer' button.

  • I tried that, I had to remove it. These are separate interfaces: 172.16.10.x is on one interface and 192.168.0.x is on another.

  • Hi,

    I suspect you have not explained your requirements very well.

    Pointing an internal port at the XG external will not achieve anything.

    The rule I suggested LAN, 172 network - WAN - 192 network port 5001 - allow - log will work.

    What you are not saying is where the 3CX is and what connections it offers. 3CX, from memory, is a digital PABX, which you appear to be trying to use to provide internet gateway functions?

    Ian


  • Correct, 3cx is internal, I have 4 dell servers in my lab, I have 3cx running on debian internally.  I have to NAT that internal to external and open up port 5001, that way I can connect into their cloud service as well as hook it into Office 365 externally.  I would do a port translation on my edge router.

    Basically I have a router, (internet provider), connected to a dude router, on the dude router I have my external interface for my firewall and one other device, this allows me to physically connect other devices in a dmz that I don't want to use the firewall for.  I just need to NAT it externally the cloud 3cx side to hook into it

  • Hi Stephen,

    A better way to achieve what you are after is the following firewall rule.

    LAN -> 3CX (IP address) -> WAN -> dude router (IP address) -> 5001 -> allow -> log.

    You will not need a NAT between the 172 and the 192 address networks.

    You will more than likely run into debugging issues with the VoIP, because VoIP does not like double NAT, which I assume you will have with your dude router and your ISP router?

    Ian


  • This one saved. I added ICMP as well but cannot ping it from inside.

  • Hi Stephen,

    I think you are trying too hard to confuse yourself?

    Your 3CX is a VoIP PABX inside your firewall. Nobody can connect to it unless it establishes a connection. So providing a protected server firewall rule will not have any traffic through it.

    The 3CX needs to set up and tell your ISP that it is online, ready to receive calls. The calls will all be managed by your outgoing firewall rule conntrack/SPI functions of the firewall.

    Ian

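
The behaviour described in the last reply, as an added example that is not part of the thread and is not Sophos code: a minimal model of stateful inspection, where the outbound allow rule creates a connection-tracking entry and only replies matching that entry are admitted from WAN. The peer address 203.0.113.10, the stray address 198.51.100.7, the source port 40000 and all class and function names are assumptions made for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src_zone: str
    src_ip: str
    src_port: int
    dst_zone: str
    dst_ip: str
    dst_port: int


# Outbound rule from the thread: LAN -> 3CX host -> WAN -> port 5001 -> allow.
RULES = [{"src_zone": "LAN", "src_ip": "172.16.10.14",
          "dst_zone": "WAN", "dst_port": 5001}]


class StatefulFirewall:
    """Simplified model: no protocols, timeouts or NAT, only flow state."""

    def __init__(self, rules):
        self.rules = rules
        self.conntrack = set()  # flows that were opened by an allowed packet

    def handle(self, p):
        # 1. Reply to a tracked flow: admitted without any inbound rule.
        if (p.dst_ip, p.dst_port, p.src_ip, p.src_port) in self.conntrack:
            return "allow (established)"
        # 2. New connection: must match an explicit rule, then gets tracked.
        for rule in self.rules:
            if all(getattr(p, k) == v for k, v in rule.items()):
                self.conntrack.add((p.src_ip, p.src_port, p.dst_ip, p.dst_port))
                return "allow (new)"
        # 3. Everything else, including unsolicited WAN traffic, is dropped.
        return "drop"


def demo():
    fw = StatefulFirewall(RULES)
    pbx, peer = "172.16.10.14", "203.0.113.10"  # peer is a constructed address
    out = Packet("LAN", pbx, 40000, "WAN", peer, 5001)
    reply = Packet("WAN", peer, 5001, "LAN", pbx, 40000)
    stray = Packet("WAN", "198.51.100.7", 5001, "LAN", pbx, 5001)
    # Unsolicited inbound, outbound from the PBX, its reply, unsolicited again.
    return [fw.handle(stray), fw.handle(out), fw.handle(reply), fw.handle(stray)]
```
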