This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

DNAT - Not figuring out

Greetings.

ASG220, v7.305, in process of converting from a PIX515

We are having trouble making NAT work properly.

Networks
  external - 111.222.127.151/27
  internal - 192.168.1.2/24
  DMZ - 10.1.1.1/24

Let's start with a standard web server in the DMZ

Define the hosts:
  Trade External
      * Type - Host
      * Address - 111.222.127.144
      * Interface - External (WAN)
  Trade Server
      * Type - Host
      * Address - 10.10.1.3
      * Interface - DMZ

Define the DNAT rule
  * Traffic Source - Any
  * Traffic Service - Web Surfing
  * Traffic Destination - Trade External
  * NAT Mode - DNAT
  * Destination - Trade Server
  * Destination Service - (not specified)
  * Auto Packet Filter - CHECKED

Somehow, this doesn't work.  I am thinking that perhaps the addresses should not be BOUND to the interfaces, but that is kind of a random thought.

EDIT: should I setup "Additional Addresses" on the external interface to get it to listen on the (different) address for the web server?

Any help would be appreciated.

This thread was automatically locked due to age.

Parents

0 dilandau over 16 years ago

Hi there,

You will want to make trade external an additional address on the external interface and then use the additional address in your dnat rule. Everything else looks ok, although I am not sure if network groups work for dnats, so if it still doesn't work try a specific service and not a group in the dnat.
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 dilandau over 16 years ago

Hi there,

You will want to make trade external an additional address on the external interface and then use the additional address in your dnat rule. Everything else looks ok, although I am not sure if network groups work for dnats, so if it still doesn't work try a specific service and not a group in the dnat.
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data