topic static nat + intrazone u-turn and interzone u-turn at same time in General Topics https://live.paloaltonetworks.com/t5/general-topics/static-nat-intrazone-u-turn-and-interzone-u-turn-at-same-time/m-p/38333#M28083 <HTML><HEAD></HEAD><BODY><P>I'm currently having problems on PAN OS 5.0.1 replicating a standard Screenos MIP configuration. Whereby static nat and interzone/intrazone u-turn nat are all active at the same time.</P><P></P><P>We have multiple zones (5) all of the hosts inside each need to be able to access DMZ servers by their NATd public ip address (multiple dmz zones). Also unfortunately hosts inside the DMZ's sometimes want to talk back to themselves using their public ip address instead of their private.. Terrible I know..</P><P></P><P>Also when the DMZ servers talk to the internet they need to appear as their static natd public address.. when they talk to the internal (inside) network they appear as their standard private address..</P><P></P><P>Attached is a screenshot of the NAT configuration for 1 DMZ server..</P><P></P><P>The intrazone and interzone u-turn nating only work when the SNAT (static source translation) is not enabled..</P><P></P><P>Any thoughts?</P><P></P><P>I know we could be using split-dns.. and also this current design is begging for a re-architecture.. but we currently need to maintain status quo functionality for this firewall transition..</P></BODY></HTML> Tue, 26 Mar 2013 01:37:55 GMT CMG 2013-03-26T01:37:55Z static nat + intrazone u-turn and interzone u-turn at same time https://live.paloaltonetworks.com/t5/general-topics/static-nat-intrazone-u-turn-and-interzone-u-turn-at-same-time/m-p/38333#M28083 <HTML><HEAD></HEAD><BODY><P>I'm currently having problems on PAN OS 5.0.1 replicating a standard Screenos MIP configuration. Whereby static nat and interzone/intrazone u-turn nat are all active at the same time.</P><P></P><P>We have multiple zones (5) all of the hosts inside each need to be able to access DMZ servers by their NATd public ip address (multiple dmz zones). Also unfortunately hosts inside the DMZ's sometimes want to talk back to themselves using their public ip address instead of their private.. Terrible I know..</P><P></P><P>Also when the DMZ servers talk to the internet they need to appear as their static natd public address.. when they talk to the internal (inside) network they appear as their standard private address..</P><P></P><P>Attached is a screenshot of the NAT configuration for 1 DMZ server..</P><P></P><P>The intrazone and interzone u-turn nating only work when the SNAT (static source translation) is not enabled..</P><P></P><P>Any thoughts?</P><P></P><P>I know we could be using split-dns.. and also this current design is begging for a re-architecture.. but we currently need to maintain status quo functionality for this firewall transition..</P></BODY></HTML> Tue, 26 Mar 2013 01:37:55 GMT https://live.paloaltonetworks.com/t5/general-topics/static-nat-intrazone-u-turn-and-interzone-u-turn-at-same-time/m-p/38333#M28083 CMG 2013-03-26T01:37:55Z Re: static nat + intrazone u-turn and interzone u-turn at same time https://live.paloaltonetworks.com/t5/general-topics/static-nat-intrazone-u-turn-and-interzone-u-turn-at-same-time/m-p/38334#M28084 <HTML><HEAD></HEAD><BODY><P>So what is the problem with enable SNAT ?</P><P>Could you please clarify what is not working ? Thanks</P></BODY></HTML> Tue, 26 Mar 2013 10:35:13 GMT https://live.paloaltonetworks.com/t5/general-topics/static-nat-intrazone-u-turn-and-interzone-u-turn-at-same-time/m-p/38334#M28084 Retired Member 2013-03-26T10:35:13Z