Thread Info
  • State Suggested Answer
  • +1 person also asked this people also asked this
  • Locked Locked
  • Replies 5 replies
  • Answers 1 answer
  • Subscribers 28 subscribers
  • Views 5583 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Bridge WAN IP to internal device

Ivo Biermans

Hi Guys (and Gals),

Have a question. We have a Sophos XG330 deployment (ver 17.0.6), and /27 WAN IP assignment.

Everything is working well. However I would like to bridge one of the IP addresses from the /27 directly to an internal device, bypassing Static 1-to-1 NAT.

I  would like to give the internal device the WAN IP. Reason for this request is because a Static NAT (S/D-NAT) does not work properly. The device on the other end is a SIP device.

I have already disabled the SIP Helper but this does not seem to change anything.

 

If anyone has any idea's how to achieve (preferably step-by-step instruction) this it would be greatly appreciated!!

Regards.



This thread was automatically locked due to age.
  • 0

    Hi,

    which device initiates the traffic? Please provide a simple network sketch of network with packet flow. What do the logs show during a failed call attempt?

    Is the external device a VoIP phone or PABX, is your internal device a SIP PABX or just VoIP phone? What ports do the devices use?

    Ian

  • 0 in reply to rfcat_vk

    Hi Ian,

    Thank you for replying.

    The "device" in this case is a Cisco Expressway E virtual machine. They are used to terminate remote phones and or Cisco Jabber devices.

    The call is made with no issue, either initiated internally or externally. The problem I have is that it disconnects after 30 seconds.

    I have deployed many of expressway setups with no issues. This is the first time on a Sophos firewall however...

    The logs don't show anything useful when the disconnect happens.

    Ports are: 5060, 5061, 8443, 5222 2777, 2776

    UDP: 36000 - 59999, 2777, 2776

    I don't have a diagram available at the second as I am typing this on my phone.

  • 0 in reply to Ivo Biermans

    Hi Ivo,

    for the incoming traffic you probably need a DNAT or even policy based routing.

    Unless one of the forum mods looks into your issue you might need to get your reseller/partner to assist.

    Ian

  • 0 in reply to rfcat_vk

    Hi Guys,

    Just letting you know I have been able to fix the issue.

    By removing the "Rewrite Source address" and "Create Reflexive rule" is it working fine now.

    Cisco Expressway automatically rewrites the source IP address (to external) by enabling the Static NAT option on Expressway E.

    Regards.

  • 0 in reply to Ivo Biermans

    Ivo,

     

    I am having issues getting the expressways set up with the sophos rules. Could you help me out. What rules are you using to get this to work. I have done it with ASA's countless times but can not seem to get the sophos talking correctly.