
Special NAT Question

Hi all,

 

Today I tried to get a special setup working. We are about to implement an L2 link to another customer's firewall. We need to implement NAT between the networks. Company AB will initiate connections to SAP servers on the Company XY LAN, and SAP will send print jobs to printers in the Company AB LAN. So we have bidirectional communication, which needs to be NATted/translated.

 

Now the setup is as follows (as Company XY provided info about how to do the setup):

 

Now I built this in the lab and tested the access via HTTP from a server in Company XY to the printer. I tried to open http://172.30.45.40 (NATted IP of the printer) and made a tcpdump on eth6 on the Company AB FW. It showed ARP requests coming from 10.100.100.1; that's the address the company will hide behind (don't ask why). These requests were never answered by the Company AB FW. It started working when I added a secondary IP address on eth6, the NAT address 172.30.45.40. At that moment the Company AB FW replied to ARP and the website showed up on the Company XY server. I also played with proxy ARP etc...

Now my question: Is there a more elegant way to get this running? I would like to avoid creating ~100 entries as secondary IP addresses.

 

 

Regards

Sebastian

 



  • Hi Sachin,

     

    On FW Company AB, a static route for 10.100.100.x points to 172.30.45.1. The firewall rule is, for example, Allow IP any from 10.100.100.x to the translated printer address. But as I said, it is working when I add the secondary IP address for each NAT entry; at that moment the UTM will reply to ARP requests.

     

     

    Regards

    Sebastian
