7 Replies Latest reply on Jul 9, 2013 6:52 AM by noor

    private to public security zones

    pbb New Member

      I have been trying without success to add a policy to map a certain IP in the private zone to a certain IP in the public zone.  Right now all activity in the private zone is sent out to the public IP used to set up the 3430.  The other secondary static IP settings can be mapped to private zone IPs, but I cannot get it to work the other way.  It is annoying to have everything going out come from the same public IP.  Has anyone been able to use the security zones GUI to set up the policy to perform this translation?

       

      Thank you

        • Re: private to public security zones
          danb Visitor

          pbb,

           

          I would create a separate NAT pool using the specific WAN address to a single LAN address.  I would then place this NAT statement higher in the PRIVATE security policy list than your NAT statement which will NAT all your remaining traffic. This may be easier for you to do in the command line than the GUI.

          It would help us if you would share your reason for doing this.  Any information added may help us determine if there is a better way to accomplish your goals.

          If you need further clarification please let us know. 

           

          Thanks,

          Dan

            • Re: private to public security zones
              pbb New Member


              You appear to be correct; the GUI makes it hard to do, if not impossible.  I am still interested if anyone has worked out a simple solution, as it makes it easier to manage the system if the standard GUI is used.

               

              The reason for doing this, which should be an easy task, is to make sure that any outgoing activity from a hosted website or email is tied to the correct IP.

                • Re: private to public security zones
                  pbb New Member


                  I stand corrected; the GUI can be used.  All appears to be happy.

                  • Re: private to public security zones
                    danb Visitor

                    pbb,

                    If you create an inbound 1:1 NAT to the private address you will have it.  As long as inbound activity is sent to the specific address you want forwarded to the private address.

                    Thanks,

                    Dan

                      • Re: private to public security zones
                        pbb New Member

                        Thank you.

                         

                        I seem to have it working using:

                         

                        Private Zone

                        Advanced

                        NAT

                        Any zone

                        Source w/ Overloading

                        IP of WAN

                        Then

                        Permit

                        IP of LAN

                        any

                         

                        Is the 1:1 NAT better?

                          • Re: private to public security zones
                            danb Visitor

                            Would you mind sharing the configuration output? 

                            If you expand the Utilities tab on the left, under System you will see Configuration.  Click on the Save button.  Click on the Download button in the next box.  Save the file to your desktop.  Before posting here - open the file in a text editor and replace any passwords with XXXXX.  Also change your public IP addresses - I recommend leaving the mask in place (that's the 255.255.255.... part of the address) but change at least 2 sections (octets) of your public to x's.  Example: if your public is 34.34.35.35 change it to xx.xx.35.35.

                            The configuration file will allow us to see the big picture!

                            Thanks,

                            Dan
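
The sanitizing step described in the post above can be scripted so that no password or public address is missed by hand. This is an added example, not part of the original thread or the vendor's tooling; the sample config lines are constructed, and the assumed line shapes (a `password`/`secret` keyword followed by its value, dotted-quad IPv4 addresses) should be adjusted to the actual downloaded file.

```python
import ipaddress
import re

IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
# Assumption: a credential is everything after the keyword on the same line.
SECRET_RE = re.compile(r"(?i)\b(password|secret)\s+.*$")


def _is_public(text):
    """True if text parses as a globally routable IPv4 address."""
    try:
        return ipaddress.IPv4Address(text).is_global
    except ValueError:
        return False  # not a valid address, e.g. 999.1.1.1


def _mask_ip(match):
    ip = match.group(0)
    if not _is_public(ip):
        return ip  # private ranges and netmasks stay readable
    return "xx.xx." + ".".join(ip.split(".")[2:])


def sanitize(config_text):
    """Replace password values with XXXXX and mask two octets of public IPs."""
    out = []
    for line in config_text.splitlines():
        line = SECRET_RE.sub(r"\1 XXXXX", line)
        out.append(IPV4_RE.sub(_mask_ip, line))
    return "\n".join(out)


def remaining_public_ips(text):
    """Final check before posting: any public address still in the text."""
    return [ip for ip in IPV4_RE.findall(text) if _is_public(ip)]


# Constructed sample, not a real device configuration.
SAMPLE = """\
username "admin" password "S3cr3t!"
enable password level 15 hunter2
interface eth 0/1
  ip address 34.34.35.35 255.255.255.248
  ip address 34.34.35.36 255.255.255.248 secondary
interface eth 0/2
  ip address 192.168.1.1 255.255.255.0
"""

if __name__ == "__main__":
    print(sanitize(SAMPLE))
```

Run `remaining_public_ips()` on the sanitized text before posting; an empty list means no routable address survived, but SNMP communities, VPN pre-shared keys and similar secrets under other keywords still need a manual look.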

                              • Re: private to public security zones
                                Employee

                                pbb -

                                I went ahead and flagged the "Correct Answer" on this post to make it more visible and help other members of the community find solutions more easily. If you don't feel like the answer I marked was correct, feel free to come back to this post to unmark it and select another in its place with the applicable buttons.  If you still need assistance, we would be more than happy to continue working with you on this - just let us know in a reply.

                                 


                                Thanks,

                                Noor