Natting from other networks

Ok, we have other interfaces on our UTM other than the internet. We have DNAT/SNAT set up from the internet. No probs.

So now we have another interface on the UTM with address 10.1.140.6/24 (OUTSIDE 2) and the INSIDE as 192.168.200.0/24

We need to set a static NAT (Cisco terms) from 192.168.200.10 to 10.1.140.50

So in UTM terms, we need an SNAT & DNAT

So for the DNAT = traffic from OUTSIDE 2 NETWORK using ANY going to 10.1.140.50 translate to 192.168.200.10

 

Now the above had me stumped for a while... it just wouldn't work. Then the penny dropped: I had to add an additional IP address on the interface OUTSIDE 2, i.e. 10.1.140.50, much like you would do with additional IPs from your ISP.

Can anybody confirm this is the correct way to do it, or is there any easier way?



  • What devices are at 192.168.200.10 and 10.1.140.50, Louis?  From which will communication be initiated?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hi Bob, traffic is initiated from both. It works at the mo.

    Had another one today with an SNAT too. Traffic from 192.168.1.10 destined for 1.1.1.1 which was about 6 hops away.

    It was routed in the UTM with a static route like so 1.1.1.1/32 via 2.2.2.2/30 which was connected to the UTM 2.2.2.1/30

    There's me thinking I would do an SNAT of:
    192.168.1.10 > any > going to 2.2.2.1/30 > translate to 1.1.1.10 but it didn't work.

    It should have been:

    192.168.1.10 > any > going to 1.1.1.1 > translate to 1.1.1.10

    Still, we learn as we go......
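
The two findings in this thread, modelled as an added Python example that is not part of the original posts and is not Sophos code: an SNAT rule is compared against the packet's own destination rather than the routing next hop, and a DNAT address on a connected subnet must be bound to the firewall's interface before neighbours can reach it. The rule model, the function names and the client address 10.1.140.20 are constructed for illustration, and the link check assumes no proxy ARP.

```python
import ipaddress
from collections import namedtuple

Packet = namedtuple("Packet", "src dst")
# kind is "SNAT" or "DNAT"; match_src/match_dst are a network or "any"
NatRule = namedtuple("NatRule", "kind match_src match_dst translate_to")

def _net(n):
    return ipaddress.ip_network(n, strict=False)

def _matches(addr, net):
    return net == "any" or ipaddress.ip_address(addr) in _net(net)

def next_hop(routes, dst):
    """Longest-prefix route lookup. The gateway it returns picks the egress
    path only; it is never written into the packet's IP header."""
    hits = [(_net(n), gw) for n, gw in routes if _matches(dst, n)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def apply_nat(rules, pkt):
    """First matching rule wins; only the packet's own src/dst are compared."""
    for r in rules:
        if _matches(pkt.src, r.match_src) and _matches(pkt.dst, r.match_dst):
            if r.kind == "SNAT":
                return Packet(r.translate_to, pkt.dst)
            return Packet(pkt.src, r.translate_to)
    return pkt

def reachable_on_link(owned_addrs, target):
    """A neighbour on the connected /24 ARPs for target; the firewall replies
    only for addresses bound to its interface (assumes no proxy ARP)."""
    return target in owned_addrs

# Values from the thread
ROUTES = [("1.1.1.1/32", "2.2.2.2")]
PKT = Packet("192.168.1.10", "1.1.1.1")
SNAT_TRIED = NatRule("SNAT", "192.168.1.10", "2.2.2.1/30", "1.1.1.10")
SNAT_FIXED = NatRule("SNAT", "192.168.1.10", "1.1.1.1", "1.1.1.10")
DNAT = NatRule("DNAT", "10.1.140.0/24", "10.1.140.50", "192.168.200.10")
INBOUND = Packet("10.1.140.20", "10.1.140.50")  # constructed client address

if __name__ == "__main__":
    print("next hop:", next_hop(ROUTES, PKT.dst))
    print("rule on next hop:", apply_nat([SNAT_TRIED], PKT))
    print("rule on destination:", apply_nat([SNAT_FIXED], PKT))
    print("ARP before alias:", reachable_on_link({"10.1.140.6"}, "10.1.140.50"))
    print("ARP after alias:", reachable_on_link({"10.1.140.6", "10.1.140.50"}, "10.1.140.50"))
    print("DNAT result:", apply_nat([DNAT], INBOUND))
```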