XG136 Routing with ISP Complication

Hello All

We are changing ISPs and elected to not go with a Managed Router by the ISP.

Therefore the new IP address schemas they provided are as follows:

WAN

  CR IP: 32.*.*.182/30

  AR IP: 32.*.*.181/30

  WAN IP: 32.*.*.180/30

LAN

  Gateway: 12.*.*.105

  Usable Range: 12.*.*.106 thru 12.*.*.110

  Subnet Mask: 255.255.255.248

If we would've gone with a Managed Router, then we'd set up our XG WAN interface with the LAN details (12.X.X.X).

Instead, we have to set up routing between WAN (32.X.X.X) and LAN (12.X.X.X) first. I understand how to do this with a separate piece of hardware but not with the XG.

Internet  <--->  WAN (32.X.X.X)  <--->  LAN (12.X.X.X)  <--->  XG WAN (12.X.X.X)  <--->  XG LAN (192.168.X.X)

With that said, how do I configure the XG so that if a User (192.168.X.X) navigates to sophos.com, the network path routes to XG WAN (12.X.X.X) and then routes to WAN (32.X.X.X) and finally to sophos.com? If I were to do a public IP lookup, it should show (12.X.X.X), not (32.X.X.X).

Hopefully that makes sense.

Your help is appreciated!

Thank you



Added TAGs
[edited by: emmosophos at 5:28 PM (GMT -7) on 22 Jul 2021]
  • Hey Devesh

    Thanks for your quick response.

    I attempted to add aliases to the WAN port and then modify the NAT rules, but it didn't work. I'll give it a shot again and post my config screenshots.

    As for configuring the IPs on the router and XG, I'm attempting to configure both IPs (32.X.X.X and 12.X.X.X) on the XG. I don't want to add another physical router between the ISP Ethernet handoff and the XG. The XG config on how to make this work all on the OXG platform is what I'm not understanding.

    Btw this is on XG v18.

    Thank you

  • Can you do it this way and test it?

    Add a NAT rule, with Source as your LAN network, and change the SNAT to the IP (12.x.x.x). Optionally you can select outbound interface as the Port which has 32.x.x.x IP address. Keep the NAT rule on top.

    You can also keep the IP of the test machine in LAN in the "Original Source" if you don't want to hamper the entire network.

    Snapshot for your reference,

    Devesh Mishra
    Community Support Engineer | Sophos Technical Support
    Sophos Support Videos | Product Documentation | @SophosSupport | Sign up for SMS Alerts
    If a post solves your question, use the 'Verify Answer' link.
  • HOLY SMOKES!!! That simple NAT rule did the trick!!! I was trying to complicate things by looking for a way to have the XG create Static Routes and Gateways instead of translating the IP Src using NAT.

    I followed your screenshot precisely. For the physical WAN interface, I added the 32.X.X.X network details first and then added the 12.X.X.X networks (5 usable IPs) as aliases, just like you mentioned.

    Thanks again! 

  • Good to hear that the solution worked for you.

    It's always recommended to use the Allocated IP pool as Alias IPs and then use NAT rules to translate the required IP.

    Devesh Mishra
    Community Support Engineer | Sophos Technical Support