Lan - lan source nat

Thanks for inserting the diagram!

If the Router in LAN 1 forwards all the traffic from behind it to port 1 on the Sophos Firewall with a source IP of 172.30.1.165, then you only need an SNAT that changes the source in packets from 172.30.1.165 to 172.20.0.1.

Cheers - Bob
PS If your question is about XG instead of UTM on an SG, one of us will move this thread to that community.

There is no nat between the router and sophos xg 430 . Traffic forwarded to sophos in origenal ip . 

I want to translate all networks to 172.20.0.1 when forwarded from sophos to l3 switch

And 2 lans reach each other (10.100.25.5 and all networks)

Thank you

There is no nat between the router and sophos xg 430 . Traffic forwarded to sophos in origenal ip . 

I want to translate all networks to 172.20.0.1 when forwarded from sophos to l3 switch

And 2 lans reach each other (10.100.25.5 and all networks)

Thank you

Since this is a question about XG, I'll move this thread over there.

Is all of the traffic from LAN 1 going through the XG going only to LAN IPs or does that also include traffic outbound to the internet?

Cheers - Bob

Yes all traffic going only to lan  

To server 10.100.25.5 (zone lan) not dmz zone

No internet or public ip in my cae

Thanks

Any suggestions to solve my case ?

Hello,
1. SG or XG?
2. what exactly is the problem? ...you didn't reach a network?
Because L3 Switch and router do routing ... do you configured these devices as gateway to the networks behind them?
Would be good to see your rules.

hello,

xg 430 

simply i want to translate all coming network traffic from the router to Sophos interface IP 172.20.1 

then forwarded to L3 switch then server 10.100.25.5

source network 10.200.220.0, 10.35.220.0 , 10.45.220.0 ........

destination network 10.100.25.5

translated source network to 172.20.0.1 while source network access destination server

thanks

NAT Looks good so far.
You need a Firewall rule allowing this traffic.
(try Any to 10.100.25.5 first)

PS: Your interface ip isn't 172.20.0.1/32 (like in your picture) but 172.20.0.1/24 ...!?

Enable logging within firewall-rules and Check logviewer. Set free-text-search-filter to 10.100.25.5

please show us your "source network 10.200.220.0, 10.35.220.0 , 10.45.220.0" - definitions ... or try "any" for a short time instead

L3-Switch and Router use Firewall as default gateway?

dear ,

(try Any to 10.100.25.5 first) ... done

PS: Your interface IP isn't 172.20.0.1/32 (like in your picture) but 172.20.0.1/24 ...!? you're right my interface port 1 

and IP 172.30.1.66

nedal tomeh said:

PS: Your interface IP isn't 172.20.0.1/32 (like in your picture) but 172.20.0.1/24 ...!? you're right my interface port 1 

and IP 172.30.1.66

yes ... but at Port 4 you paint a 32 Bit network-mask ... i think you have /24 here ...

172.30.1.166/30 

sir 

just i have a question plz

is xg 430 support translates all networks hosts (10.200.220.1,.....) to a single IP or interface IP and forwards traffic to port 1 

(10.100.25.5) ?

which means server 10.100.25.5 accessed just by one IP from all networks 

Yes. This is how internet access works ... mostly.

There may be an error in your NAT definition... a screenshot would be helpful.

Here you can see my "Masquerade all at one interface" rule