Anonymous
Not applicable

private to public security zones

I have been trying without success to add a policy to map a certain IP in the private zone to a certain IP in the public zone. Right now all activity in the private zone is sent out to the public IP used to set up the 3430. The other secondary static IP settings can be mapped to private zone IPs, but I cannot get it to work the other way. It is annoying to have everything going out come from the same public IP. Has anyone been able to use the security zones GUI to set up the policy to perform this translation?

Thank you

Accepted Solutions
Anonymous
Not applicable

Re: private to public security zones

pbb,

I would create a separate NAT pool using the specific WAN address to a single LAN address.  I would then place this NAT statement higher in the PRIVATE security policy list than your NAT statement which will NAT all your remaining traffic. This may be easier for you to do in the command line than the GUI.

It would help us if you would share your reason for doing this.  Any information added may help us determine if there is a better way to accomplish your goals.

If you need further clarification please let us know. 

Thanks,

Dan

Anonymous
Not applicable

Re: private to public security zones


You appear to be correct; the GUI makes it hard to do, if not impossible. I am still interested if anyone has worked out a simple solution, as it makes it easier to manage the system if the standard GUI is used.

The reason for doing this (what should be an easy task) is to make sure that any outgoing activity from a hosted website or email is tied to the correct IP.

Anonymous
Not applicable

Re: private to public security zones


I stand corrected, the GUI can be used. All appears to be happy.

Anonymous
Not applicable

Re: private to public security zones

pbb,

If you create an inbound 1:1 NAT to the private address you will have it, as long as inbound activity is sent to the specific address you want forwarded to the private address.

Thanks,

Dan

Anonymous
Not applicable

Re: private to public security zones

Thank you.

I seem to have it working using:

Private Zone

Advanced

NAT

Any zone

Source w/ Overloading

IP of WAN

Then

Permit

IP of LAN

any

Is the 1:1 NAT better?

Anonymous
Not applicable

Re: private to public security zones

Would you mind sharing the configuration output? 

If you expand the Utilities tab on the left, under System you will see Configuration. Click on the Save button. Click on the Download button in the next box. Save the file to your desktop. Before posting here, open the file in a text editor and replace any passwords with XXXXX. Also change your public IP addresses. I recommend leaving the mask in place (that's the 255.255.255.... part of the address) but change at least 2 sections (octets) of your public address to x's. Example: if your public is 34.34.35.35, change it to xx.xx.35.35.

The configuration file will allow us to see the big picture!

Thanks,

Dan
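
The redaction steps in the post above can be scripted so nothing is missed by hand. This is an added example, not part of the original thread or the vendor's tooling; it assumes Cisco-style lines where the secret follows the word `password`, and the sample configuration is constructed for illustration.

```python
import ipaddress
import re

# Assumption: the secret is whatever follows the keyword "password" on a line.
PASSWORD_RE = re.compile(r"\b(password)\b.*$", re.IGNORECASE)
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

def is_public(text):
    """True for globally routable IPv4; masks, 0.0.0.0 and RFC 1918 are not."""
    try:
        return ipaddress.ip_address(text).is_global
    except ValueError:              # e.g. 300.1.2.3 is not an address
        return False

def _mask_public(match):
    """Replace the first two octets of a public address with x's."""
    text = match.group(0)
    if not is_public(text):
        return text                 # leave subnet masks and private IPs in place
    return "xx.xx." + ".".join(text.split(".")[2:])

def sanitize_line(line):
    line = PASSWORD_RE.sub(r"\1 XXXXX", line)
    return IPV4_RE.sub(_mask_public, line)

def sanitize_config(text):
    return "\n".join(sanitize_line(line) for line in text.splitlines())

def remaining_public_ips(text):
    """Final check before posting: public addresses still present in the text."""
    return [ip for ip in IPV4_RE.findall(text) if is_public(ip)]

# Constructed sample configuration, not taken from the thread.
SAMPLE = """\
enable password s3cret
username "admin" password "hunter2"
interface eth 0/1
  ip address 34.34.35.35 255.255.255.248
interface eth 0/2
  ip address 10.10.10.1 255.255.255.0
ip route 0.0.0.0 0.0.0.0 34.34.35.33"""

if __name__ == "__main__":
    cleaned = sanitize_config(SAMPLE)
    print(cleaned)
    print("public IPs left:", remaining_public_ips(cleaned))
```

Only lines containing the word `password` are handled, so other secrets in a configuration (for example SNMP community strings or pre-shared keys) still need a manual review before posting.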

Anonymous
Not applicable

Re: private to public security zones

I went ahead and flagged the "Correct Answer" on this post to make it more visible and help other members of the community find solutions more easily. If you don't feel like the answer I marked was correct, feel free to come back to this post to unmark it and select another in its place with the applicable buttons.  If you still need assistance, we would be more than happy to continue working with you on this - just let us know in a reply.


Thanks,

Noor