Multiple PUBLIC IP leased line setup for NAT

Hi.
I'm having trouble trying to get one of the public IPs (alias) to be NATed onto the voice subnet interface.
Here's the diagram below.
Network Diagram.

Here's what I configured for the leased IP line.

For the voice LAN interface subnet, I configured as below.

As for the rule, I did it as below.

I have trouble reaching 202.111.122.113 via 4000 to 4008.

May I know which settings I did wrong, or is there something I left out?




This thread was automatically locked due to age.
  • FormerMember

    Hi,

    Thank you for reaching out to Sophos Community.

    Assuming you're able to make a successful connection on 202.111.122.113 with 5060:5071 ports.

    To check further with the 4000:4008 port, you may first try to change 'Use Outbound Address' under Masquerading to default MASQ.

    If that doesn't help, then try disabling Masquerading once.

    You may check traffic flow in the console by using the below command.

    ==> Login to SSH > 4. Device Console

    console> tcpdump 'port <port number>'

    eg: console> tcpdump 'port 4000'

  • Hi. Thx for the reply. Connection to 202.111.122.113 with 5060 to 5071 did not work either, even after I did the DNAT rule.
    I've been checking the logs from Log viewer, using my home internet connection to remotely reach 202.111.122.113.
    I cross-checked my home internet src IP: public IP 222.112.114.22, ICMP and tcping towards destination IP: 202.111.122.113.
    Seems to me all relevant ports from 4000 to 4008 and ICMP were actually allowed.
    However, this only stops at 202.111.122.113.
    When I tried to search src IP: 172.20.110.11, there was nothing.
    There's actually a TPLINK TL-R600VPN router with IP 172.20.110.10/24 after interface A5.
    I do suspect that the router does not have a static route on it. It does not know where the exit interface is.
