08-22-2014 10:06 AM
Hello,
I have an address I would like to represent as an "Address Object". The address is 164.67.80.78 and the netmask is 255.255.255.192. I created an "Address Object" with an "IP Netmask" of 164.67.80.78/26.
I used this "Address Object" to set the interface address. Worked great. When I went to set up a bi-directional NAT policy, I needed to specify a "Source Translated Address". This address must be 164.67.80.78/32 and cannot be 164.67.80.78/26, i.e. the "Address Object" I created would not work for the NAT policy.
So I created two address objects: one for 164.67.80.78/26 and another for 164.67.80.78/32. I am not happy about the duplication. Is there a better approach?
Thank you,
Chris
08-22-2014 10:10 AM
Hi Ctech,
NAT needs a precise [/32] mask to avoid the proxy NAT issue; the interface needs the real netmask. So, this behavior is expected.
I don't see any other way apart from creating two different objects. Otherwise, you can specify IP/32 in NAT instead of using an object.
Regards,
Hardik Shah
08-22-2014 02:50 PM
I do agree that this leads to duplicate address objects, but a bi-directional NAT policy is a static NAT, i.e. a 1-to-1 mapping. Hence the need to specify a /32 address.
This is expected. You would be better off referencing the IP address itself to avoid duplicate address objects.
Hope this helps.
Thanks
08-22-2014 03:27 PM
Hello,
It is not the duplication of "Address Objects" per se that I am bothered by... it is the duplicate entries of the same IP address. For example, if this IP address were to change, I'd like one central place to make the change. I believe this was the whole idea behind the "Address Objects".
It sounds like I should just stick with creating two "Address Objects" for each public NAT IP address. One with the netmask and one without. This way, if the IP were ever to change, I'd have to make two changes (bad) but at least they are both in the same place on the interface (good).
Thank you all,
Chris
08-22-2014 04:26 PM
Hi Chris,
You can give similar names to the address objects, like "A_Obj_1" & "A_Obj_11"; that way it would be easy to change the IP for the Address Objects.
Regards,
Hardik Shah
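
The thread settles on keeping two objects per public IP, one with the interface netmask and one as /32 for NAT. The following is an added example, not part of the original posts and not a vendor tool: a Python check that derives both forms from one definition and flags pairs that have drifted apart after an IP change. The object names, the pairing list and all sample values other than 164.67.80.78 are constructed assumptions.

```python
import ipaddress

def derive_pair(interface_cidr):
    """Return (interface form, NAT host form) from one 'ip/prefix' definition."""
    iface = ipaddress.ip_interface(interface_cidr)
    return iface.with_prefixlen, f"{iface.ip}/{iface.max_prefixlen}"

def audit(objects, pairs):
    """Check that each (interface object, NAT object) pair still names the same host.

    objects: name -> 'ip/prefix'; pairs: list of (interface_name, nat_name).
    Returns a list of (interface_name, nat_name, problem) for pairs out of sync.
    """
    problems = []
    for iface_name, nat_name in pairs:
        iface = ipaddress.ip_interface(objects[iface_name])
        nat = ipaddress.ip_interface(objects[nat_name])
        if nat.network.prefixlen != nat.max_prefixlen:
            # The NAT translated address must be a single host (/32 for IPv4).
            problems.append((iface_name, nat_name, "NAT object is not a host address"))
        elif nat.ip != iface.ip:
            # One object was edited after an IP change and the other was not.
            problems.append((iface_name, nat_name, f"host mismatch: {iface.ip} vs {nat.ip}"))
    return problems

# Constructed sample data; names are hypothetical, not an export format.
OBJECTS = {
    "wan1_if": "164.67.80.78/26",
    "wan1_nat": "164.67.80.78/32",
    "wan2_if": "203.0.113.10/24",
    "wan2_nat": "203.0.113.11/32",   # drifted: only one object was updated
    "wan3_if": "198.51.100.5/27",
    "wan3_nat": "198.51.100.5/27",   # netmask copied into the NAT object
}
PAIRS = [("wan1_if", "wan1_nat"), ("wan2_if", "wan2_nat"), ("wan3_if", "wan3_nat")]

if __name__ == "__main__":
    print(derive_pair("164.67.80.78/26"))
    for problem in audit(OBJECTS, PAIRS):
        print(problem)
```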