topic Natting issue with new subnet. in General Topics

Natting issue with new subnet.

inderjit21 — Wed, 08 Feb 2017 05:04:18 GMT

I am applying destination nat. Natting public ip(untrust zone) to internal ip(trust zone). Public ip subnet is /28.

When access public ip in the monitoring logs it shows me dst zone as Untrust whenit should show dst zone as Trust.

I have policy in place and natting but its not hitting any policy and goes to expicit deny.

jneo — Wed, 08 Feb 2017 07:21:21 GMT

Hi there,

Did you apply the appropriate security policies and NAT policies in place for destination NAT?

Generally there are 2 places to check in your configurations:

NAT Policy:

Destination zone : Pre-NAT IP

Destination address : Pre-NAT IP

Destination Translation : Post-NAT IP

Security Policy

Destination zone : Post-NAT

Destination address : Pre-NAT

Source zone : Pre-NAT

I attached an illustration of diagram below for your reference. Hope it clarifies your understanding of destination NAT

TranceforLife — Wed, 08 Feb 2017 09:03:52 GMT

@jneo very good explanation. I am also always sharing this video:

Retired Member — Wed, 08 Feb 2017 13:55:52 GMT

I also like @RafisGaripov PAN videos

Here is part 2 of the above nat video 🙂