Multiple PUBLIC IP leased line setup for NAT

Hi.
I'm having trouble trying to get one of the Public IPs (Alias) to be NATed onto the voice subnet interface.
Here's the diagram below.
Network Diagram.

Here's what I configured for the Leased IP Line.

For the voice LAN interface subnet, I configured it as below.

As for the rule, I did it as below.

I have trouble reaching 202.111.122.113 via 4000 to 4008.

May I know which settings I did wrong, or is there something I left out?




  • Hi ywillie,

    As per the configuration screenshot, Use Outbound Address seems to be incorrect, as this rule is for allowing traffic from WAN (XG-A1) to PABX, so there is no need for NATing it with IP 202.111.122.113. You can either uncheck "Rewrite source address" or select Rewrite source address as MASQ instead of 202.111.122.113.

  • My home internet uses a dynamic IP. It's currently recorded as 63.44.113.222.
    As I did the test, SRC IP:63.44.113.222 to 202.111.122.113 actually passes the traffic.

    However, when I reverse the results with only SRC IP:202.111.122.113, it returned no results.
    I tried SRC IP:172.20.110.11, which is the PABX IP.
    It returned no results either.

    However, when I tried SRC IP:172.20.110.10, it returned something.

    Seems to me that the router is the culprit.
    It's a TPLINK R600 router.

    The TPLINK router was used as a SIP dial-up device. It has 1 WAN port connected to the SIP service provider's modem,
    while the entire LAN network was set up as 172.20.110.0/24 on the TPLINK R600 router.

    I figured that if I request the vendor to configure the entire network to be 172.20.110.0/24 on the TPLINK R600 router,
    it'll actually allow traffic across the firewall towards 202.111.122.113 by creating a DNAT rule.
    However, that's not the case.
    This is an actual view of the PABX and its related devices.

    There's a static route missing at the TPLINK R600 router side.
    Could I get help on the static routing part?
    Should I route only 172.20.110.11/24 across to 202.111.122.113?
    Another concern I had is that by doing such a static route, it might even change the path of the MLS, causing the SIP traffic to not work properly.
