Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 4 replies
  • Answers 1 answer
  • Subscribers 4 subscribers
  • Views 7261 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

SNAT not working, return traffic stills goes to the orginal IP(H.323 packets)

Werner Gunther

Hello,

 

I'm trying to do figure out the following, we have a Avaya office PBX on a external location, between us and that location there is an IP-VPN connection. Between the router building the IP-VPN tunnel and the phone we have a Sophos UTM 9.The Avaya office PBX only accepts connections from network A, so I created an SNAT to change the IP of the phone from B to A. This seems to work the only probleem is that the Avaya office PBX want to sent traffic back to the orginal IP B, there is still someting hanging inside the H.323 packet with the orginal IP.

Anny idees?

Thanks.



This thread was automatically locked due to age.
Parents
  • 0

    Possible cause: That behavior is known to happen if you turn on Network Protection > VoIP > SIP Protocol Support. That subsystem gets the first crack at the packets before SNAT and basically makes SNAT work incompletely. If you have that on; turn it off and setup all your SNAT/DNAT rules by hand and it will then work as expected.

  • 0 in reply to Bob Pankratz

    It sounds like the SNAT is working, but that a Full NAT is needed.  There is no 1-to-1 Full NAT that can handle all of the phone IPs, so a separate Full NAT would be required for each phone - probably in each direction.

    Cheers - Bob

  • 0 in reply to BAlfson

    After my reseller had some contact with Avaya they came to the discovery that the probleem was @ the Avaya PDX side. After they changed something the nat rules where working fine.

    Thanks for all the effort.

Reply Children
No Data