NAT over MPLS to remote network

Hello, new Sophos user here.

I've got two sites connected by MPLS. One site has my internet connection, the other site has a server I want to allow traffic to from the internet. I've tried standard NATs and MASQ / firewall rules but am not having any luck. From a host on the same site as my internet connection I can ping and telnet to the port on the other site, just not from the internet. Also, NAT from the internet to a local address worked fine.

 

Any help is greatly appreciated.



  • Hey, Doug.

    So, I take it the branch site has no internet connection at all, right? Is the server 192.168.21.233 able to reach the internet through the main site?

    I would bet the server 192.168.21.233 probably does not know how to reply to NATed packets from the internet.

    Regards,

    Giovani 

  • Hi Giovani,

     

    You hit the nail on the head.

    The branch does not have other direct internet; there is, however, a third site where internet is going now (being replaced with this new site). I had set up the NAT as a DNAT instead of a full NAT, and thus the traffic was not going back to the Sophos; it was going out the other default route. It would not have been an issue if internet was already moved over, but it was not working for the test that way.

     

    Anyway, we're all set. On to the next adventure!!

     

    Thanks,

    Doug
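
The return-path problem described in this thread, modelled as an added example that is not part of the original posts: it traces which way the branch server's reply is routed under DNAT and under full NAT. Every address except 192.168.21.233, plus the route names and the main-site subnet, is a constructed assumption.

```python
import ipaddress

# Constructed addresses; only 192.168.21.233 appears in the thread.
CLIENT = "203.0.113.10"      # host on the internet
SOPHOS_LAN = "192.168.10.1"  # Sophos address facing the MPLS
SERVER = "192.168.21.233"    # branch server

# Branch routing during the test: main site via MPLS, default via the third site.
TEST_ROUTES = [("192.168.10.0/24", "mpls-to-sophos"),
               ("0.0.0.0/0", "third-site-internet")]
# Branch routing after the cut-over: default route points at the Sophos site.
MOVED_ROUTES = [("0.0.0.0/0", "mpls-to-sophos")]

def next_hop(dst, routes):
    """Longest-prefix match of dst against (network, hop) routes."""
    addr = ipaddress.ip_address(dst)
    nets = [(ipaddress.ip_network(n), hop) for n, hop in routes]
    matches = [(n, hop) for n, hop in nets if addr in n]
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def trace(nat_mode, routes=TEST_ROUTES):
    """Follow one inbound connection and the server's reply."""
    # DNAT rewrites only the destination; full NAT also rewrites the source.
    seen_src = SOPHOS_LAN if nat_mode == "full" else CLIENT
    hop = next_hop(seen_src, routes)  # the server replies to the source it saw
    return {
        "server_sees_src": seen_src,
        "reply_next_hop": hop,
        # Only the Sophos holds the NAT state needed to translate the reply back.
        "session_completes": hop == "mpls-to-sophos",
    }

if __name__ == "__main__":
    for mode, routes in (("dnat", TEST_ROUTES), ("full", TEST_ROUTES),
                         ("dnat", MOVED_ROUTES)):
        print(mode, trace(mode, routes))
```

With full NAT the server sees the Sophos address instead of the real client address, which matters for access logs and any IP-based controls on the server.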
