I have been trying without success to add a policy to map a certain IP in the private zone to a certain IP in the public zone. Right now all activity in the private zone is sent out to the public IP used to set up the 3430. The other secondary static IP settings can be mapped to private zone IPs, but I cannot get it to work the other way. It is annoying to have everything going out come from the same public IP. Has anyone been able to use the security zones GUI to set up the policy to perform this translation?
Thank you
pbb,
I would create a separate NAT pool using the specific WAN address to a single LAN address. I would then place this NAT statement higher in the PRIVATE security policy list than your NAT statement which will NAT all your remaining traffic. This may be easier for you to do in the command line than the GUI.
It would help us if you would share your reason for doing this. Any information added may help us determine if there is a better way to accomplish your goals.
If you need further clarification please let us know.
Thanks,
Dan
You appear to be correct; the GUI makes it hard to do, if not impossible. I am still interested if anyone has worked out a simple solution, as it makes it easier to manage the system if the standard GUI is used.
The reason for doing this, which should be an easy task, is to make sure that any outgoing activity from a hosted website or email is tied to the correct IP.
I stand corrected, the GUI can be used. All appears to be happy.
pbb,
If you create an inbound 1:1 NAT to the private address you will have it. As long as inbound activity is sent to the specific address you want forwarded to the private address.
Thanks,
Dan
Thank you.
I seem to have it working using:
Private Zone
Advanced
NAT
Any zone
Source w/ Overloading
IP of WAN
Then
Permit
IP of LAN
any
Is the 1:1 NAT better?
Would you mind sharing the configuration output?
If you expand the Utilities tab on the left, under System you will see Configuration. Click on the Save button. Click on the Download button in the next box. Save the file to your desktop. Before posting here, open the file in a text editor and replace any passwords with XXXXX. Also change your public IP addresses. I recommend leaving the mask in place (that's the 255.255.255.... part of the address) but change at least 2 sections (octets) of your public to x's. Example: if your public is 34.34.35.35 change it to xx.xx.35.35.
The configuration file will allow us to see the big picture!
Thanks,
Dan
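The redaction steps described in the post above can be scripted; this is an added example, not part of the original thread and not vendor tooling. The keyword pattern and the sample lines are assumptions, constructed in a generic router-config style, so review the output by hand before posting.

```python
import ipaddress
import re

# Dotted-quad candidates; real validity is checked with ipaddress below.
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
# Assumed pattern: a "password" or "secret" keyword, then the rest of the line.
SECRET_RE = re.compile(r"\b(password|secret)\b.*$", re.IGNORECASE)

def is_netmask(addr):
    """True for contiguous masks that start with 255, e.g. 255.255.255.248."""
    bits = format(int(addr), "032b")
    return bits.startswith("11111111") and "01" not in bits

def redact_ip(match):
    text = match.group(0)
    try:
        addr = ipaddress.IPv4Address(text)
    except ipaddress.AddressValueError:
        return text  # not a valid address (e.g. 999.1.1.1): leave untouched
    if is_netmask(addr) or not addr.is_global:
        return text  # keep masks and private/loopback/reserved addresses
    # Mask the first two octets, as the post suggests (34.34.35.35 -> xx.xx.35.35).
    return "xx.xx." + ".".join(text.split(".")[2:])

def redact_line(line):
    # Drop everything after a password keyword, then mask public addresses.
    line = SECRET_RE.sub(lambda m: m.group(1) + " XXXXX", line)
    return IPV4_RE.sub(redact_ip, line)

def redact_config(text):
    return "\n".join(redact_line(line) for line in text.splitlines())

# Constructed sample lines (not from the thread, not a real device export).
SAMPLE_CONFIG = """\
enable password examplepass
username "admin" password "examplepass2"
interface eth 0/1
  ip address 34.34.35.35 255.255.255.248
  ip address 34.34.35.36 255.255.255.248 secondary
interface eth 0/2
  ip address 10.10.10.1 255.255.255.0
"""

if __name__ == "__main__":
    print(redact_config(SAMPLE_CONFIG))
```

Private addresses and masks are left intact so the NAT and policy layout stays readable; hashed or encrypted password values are replaced as well, since they should not be posted either.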
I went ahead and flagged the "Correct Answer" on this post to make it more visible and help other members of the community find solutions more easily. If you don't feel like the answer I marked was correct, feel free to come back to this post to unmark it and select another in its place with the applicable buttons. If you still need assistance, we would be more than happy to continue working with you on this - just let us know in a reply.
Thanks,
Noor