2nd IP of the Pool is not doing NAT

Hi,

I have an XG430 (SFOS 17.5.14 MR-14-1). On Port2 I have WAN, and I configured one WAN IP on it. My servers are going out
to the internet using that IP. Now, for a few users, I want to use another IP of the pool. I created a plain rule, added a specific
system IP in the source network, and in the advanced section of the rule, under NAT & routing, I selected the following:

Selection 1:
Rewrite source address (masquerading)
Use gateway-specific default NAT policy
Override default NAT policy for specific gateway; then in Gateway I selected ISP1 and in NAT policy I selected the 2nd IP, which I need to use for NATting of normal users

Selection 2:
Rewrite source address (masquerading)
Use Outbound address = IP address (object) that I want to use
Primary gateway = ISP1

With both selections, in the log viewer it is taking the IP address configured on Port2.
I also configured an alias on Port2 and selected that IP for outbound NAT, but again it is showing me the primary IP on the interface.

Please advise me how to rectify this issue.



  • Hello Patel,

    Yes, I have created an alias, but it is not working. Below is the screenshot.


  • FormerMember in reply to Madni Malik

    Assuming that the traffic is hitting the correct firewall rule, I'd suggest checking the ARP connectivity of the alias IP with the ISP gateway.

    Command to check ARP with specific source:

    console> system diagnostics utilities arp ping source ALIAS_IP interface Port2 ISP_GATEWAY

  • Hi Yash,

    Thanks for your reply. My question is: if I am specifying the public IP in the firewall rule and that IP is not reachable, then it should not take another IP on the interface for browsing.

    I will check the ARP ping and will update you.

  • console> system diagnostics utilities arp ping source ALIAS_IP interface Port2 ISP_GATEWAY

    I am getting the below against the ARP ping:

    arping: bind: Cannot assign requested address

    If I need to do NAT with a different IP configured on the interface, should I create an alias for that IP, or do I need to create a NAT object by going to Sophos --> Profile --> Network Address Translation, creating the object there, and calling it in the firewall rule under NAT & routing by selecting "Use outbound address" and choosing the object I created under Network Address Translation?