
Full NAT in SFOS 18... how?

I'm still confused on how to set up a Full NAT in SFOS 18.

Situation:

  • Routing Based IPsec tunnel (cannot use Policy Based IPsec with NAT)
  • Incoming requests for network 10.3.100.0/24
  • Need to make Full NAT of network to 192.168.100.0/24 (because 192.168.100.0/24 network is already in use at source)

The description of the new separate NAT table in SFOS 18 says that it is now possible to easily make a Full NAT through this table.

Still both the SNAT and DNAT fields accept only IP addresses, IP ranges, FQDNs but no networks.

Have watched all the videos and read all the How-Tos I could find for NAT in SFOS 18 but cannot find any example of an implementation of Full NAT.

Am I missing something?

I'm running 18.0.1



This thread was automatically locked due to age.
  • Hi LuCar,

    it worked.

    Thanks for the help.

     

    Alexander

  • ... that is good to know, thanks for the info!

    But why can't SNAT do the same?

    For example I have 2 B-networks (/16)
    Original source 192.168.0.1 - 192.168.255.254
    Translated source (SNAT) 10.10.0.1 - 10.10.255.254

    Unfortunately this function is not available there!

    In principle it works, but ...
    I would like to have a direct assignment here!

    So 192.168.55.12 becomes 10.10.55.12 ...

  • This would need a 1:1 Mapping on SNAT. The 1:1 Mapping was implemented in the first step for DNAT to keep the netflow open. 

    Unfortunately this did not make the cut for SNAT. So it will either use the IP (MASQ) or a random IP out of the SNAT range, if you select a range.
    From a network perspective, this works fine. Reporting tools, on the other hand, are not going to work properly.

  • I made the same observation and this is exactly the problem, on the "following device" no clear allocation to the source can be made in logging (in my case a web proxy) ...

    For example "Peter Sample" comes from 192.168.55.5 and would leave a log entry with the source 10.10.55.5 when calling Google.com.

    Thanks for your answer - we hope it will be implemented soon.
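
The 1:1 network mapping discussed in this thread, as an added example that is not part of the original posts and is not Sophos code: it keeps the host bits when translating between two equal-sized networks, and uses the same rule in reverse to attribute a downstream log entry to the original client, which is not possible when SNAT picks a random IP from the range. The function names and the key=value log format are assumptions made for illustration.

```python
import ipaddress

def map_1to1(addr, src_net, dst_net):
    """Translate addr from src_net to dst_net, keeping the host bits."""
    ip = ipaddress.ip_address(addr)
    src = ipaddress.ip_network(src_net)
    dst = ipaddress.ip_network(dst_net)
    if src.version != dst.version or src.prefixlen != dst.prefixlen:
        raise ValueError("1:1 mapping needs two networks of the same size")
    if ip not in src:
        raise ValueError(f"{ip} is not inside {src}")
    host_bits = int(ip) & int(src.hostmask)
    return str(ipaddress.ip_address(int(dst.network_address) | host_bits))

def attribute_log(lines, original_net, translated_net):
    """Add the pre-NAT source to each log record by reversing the 1:1 mapping."""
    records = []
    for line in lines:
        fields = dict(f.split("=", 1) for f in line.split())
        try:
            fields["orig_src"] = map_1to1(fields["src"], translated_net, original_net)
        except ValueError:
            # Source is outside the translated network: no mapping applies.
            fields["orig_src"] = "unknown"
        records.append(fields)
    return records

# Constructed sample lines in a made-up key=value format (not a real proxy log format).
SAMPLE_LOG = [
    "src=10.10.55.5 url=google.com",
    "src=10.10.55.12 url=example.org",
    "src=172.16.0.9 url=example.org",
]

if __name__ == "__main__":
    # Forward direction: the SNAT case asked about in the thread.
    print(map_1to1("192.168.55.12", "192.168.0.0/16", "10.10.0.0/16"))
    # Reverse direction: attribute downstream log entries to the original hosts.
    for rec in attribute_log(SAMPLE_LOG, "192.168.0.0/16", "10.10.0.0/16"):
        print(rec)
```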