This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Red 10 Split Mode / NAT

Hello.
In our mainoffice (8MBit up/down) we have a UTM120 installed. we have a small office that is connected via a Red 10 device using unified mode. Behind the Red 10 there is a Webcam connected. We can access the Webcam via internal IP or the internet through the UTM 120 (external IP) where we have a Nat rule to the Webcams IP. Until now that works great.

Now we have a new cable connection with 30Mbit´s at our small office.
We want to send the normal internet traffic directly to the internet at the small office, but still use the external access to the Webcam from our Mainoffice.
This seems not to work in split mode. The internal access works correctly for all devices including the Webcam. Only from external there seems to be a problem.

Any ideas?

This thread was automatically locked due to age.

0 BAlfson over 10 years ago

This is a variation on the theme of offering a web server over a VPN.

Consider a packet arriving from 23.24.25.26 which is DNATted to the webcam. When the RED was in unified mode, the response to 23.24.25.26 was sent to the UTM. Now, in split mode, the RED sends the response packet directly back to 23.24.25.26 where the client discards it.

The answer is to replace the DNAT with a Full NAT where the Source is changed to "Internal (Address)."

Cheers - Bob

Sophos UTM Community Moderator
Sophos Certified Architect - UTM
Sophos Certified Engineer - XG
Gold Solution Partner since 2005

MediaSoft, Inc. USA
Cancel
Vote Up 0 Vote Down

Cancel