https://live.paloaltonetworks.com/t5/general-topics/single-public-ip-address-nat-to-2-different-dmz-ip-addresses/m-p/39391#M28900 <HTML><HEAD></HEAD><BODY><P>Here is the problem to be solved:</P><P></P><P>I have a single public IP address (example: 1.1.1.5) that is currently NATs to a single DMZ address (example: 192.168.1.11). </P><P></P><P>I need to create a NAT rule that will continue to send all traffic on all ports to 192.168.1.11 address <EM>unless</EM> the traffic is coming from a specific address, for instance 2.2.2.2.</P><P></P><P>In other words:</P><UL><LI>If traffic comes from 2.2.2.2 destined for 1.1.1.5, it will NAT to 192.168.1.12.</LI><LI>If traffic comes from any other external IP destined for 1.1.1.5, it will NAT to 192.168.1.11.</LI></UL><P></P><P>I hope that makes sense.&nbsp; Is this even possible?</P><P></P><P>We have an F5 LTM and can accomplish the same end result, but would like to do it at the PA if possible.</P><P></P><P>Thanks, Jim</P></BODY></HTML> Tue, 10 Feb 2015 18:11:48 GMT jlarson 2015-02-10T18:11:48Z https://live.paloaltonetworks.com/t5/general-topics/single-public-ip-address-nat-to-2-different-dmz-ip-addresses/m-p/39391#M28900 <HTML><HEAD></HEAD><BODY><P>Here is the problem to be solved:</P><P></P><P>I have a single public IP address (example: 1.1.1.5) that is currently NATs to a single DMZ address (example: 192.168.1.11). </P><P></P><P>I need to create a NAT rule that will continue to send all traffic on all ports to 192.168.1.11 address <EM>unless</EM> the traffic is coming from a specific address, for instance 2.2.2.2.</P><P></P><P>In other words:</P><UL><LI>If traffic comes from 2.2.2.2 destined for 1.1.1.5, it will NAT to 192.168.1.12.</LI><LI>If traffic comes from any other external IP destined for 1.1.1.5, it will NAT to 192.168.1.11.</LI></UL><P></P><P>I hope that makes sense.&nbsp; Is this even possible?</P><P></P><P>We have an F5 LTM and can accomplish the same end result, but would like to do it at the PA if possible.</P><P></P><P>Thanks, Jim</P></BODY></HTML> Tue, 10 Feb 2015 18:11:48 GMT https://live.paloaltonetworks.com/t5/general-topics/single-public-ip-address-nat-to-2-different-dmz-ip-addresses/m-p/39391#M28900 jlarson 2015-02-10T18:11:48Z https://live.paloaltonetworks.com/t5/general-topics/single-public-ip-address-nat-to-2-different-dmz-ip-addresses/m-p/39392#M28901 <HTML><HEAD></HEAD><BODY><P>just create two NAT rules(Untrust-Untrust) one with source 2.2.2.2 other with source any (destination address same 1.1.1.5)</P><P>then you can NAT(destination) each to different ip address</P><P>Don't forget security rules.</P></BODY></HTML> Tue, 10 Feb 2015 18:33:45 GMT https://live.paloaltonetworks.com/t5/general-topics/single-public-ip-address-nat-to-2-different-dmz-ip-addresses/m-p/39392#M28901 Retired Member 2015-02-10T18:33:45Z https://live.paloaltonetworks.com/t5/general-topics/single-public-ip-address-nat-to-2-different-dmz-ip-addresses/m-p/39393#M28902 <HTML><HEAD></HEAD><BODY><P>Thanks so much for the reply panos.&nbsp; I was using source address translation and dug deeper into Destination NAT and saw exactly what you were explaining.</P><P></P><P>Anyway, I set it up and it works perfectly!</P><P></P><P>Jim</P></BODY></HTML> Tue, 10 Feb 2015 20:06:49 GMT https://live.paloaltonetworks.com/t5/general-topics/single-public-ip-address-nat-to-2-different-dmz-ip-addresses/m-p/39393#M28902 jlarson 2015-02-10T20:06:49Z