This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Basic noobie question.

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Basic noobie question.

mcocat
Not applicable

‎10-22-2014 06:00 AM

I am looking to what I would call port address translation, but am unfamiliar with how to do it on the PA. Basically I need a public IP to route SNMP traffic to one inside address, and syslog traffic to another inside address. This will also only apply to a single host from the outside. Can someone give me high level steps to what I need to configure?

Labels:
0 Likes Likes
6 REPLIES 6

reaper
Cyber Elite
Cyber Elite

‎10-22-2014 06:08 AM

Hi

This doc will come in handy Understanding PAN-OS NAT

In short you'd need two nat rules, both from untrust to untrust with the same destination (public) IP but each with it's own destination port and unique destination NAT ip address (see page 21 of the above document)

hope this helps

Tom Piens
PANgurus - Strata specialist; config reviews, policy optimization
0 Likes Likes

_slv_
L4 Transporter
In response to reaper

‎10-22-2014 06:22 AM

Hello

You can also find some usefull thing on video turorials Video Link : 1550

Regards

Slawek

0 Likes Likes

ssharma
L5 Sessionator

‎10-22-2014 06:36 AM

You Can configure following  NAT statements for same public IP:

Untrust to Untrust from any source address to your public ip_1 on 25 then translate to private ip_1 to 25

Untrust to Untrust from any source address to your public ip_1 on 443 then translate to private ip_2 to 4443

Untrust to Untrust from any source address to your public ip_1 on 80 then translate to private ip_3 to 8080

Hope this helps. Thank you.

0 Likes Likes

dreputi
L4 Transporter
In response to ssharma

‎10-22-2014 06:48 AM

Hello Mcocat,

You can also create a bidirectional NAT rule which looks like this:

nat.png

The source address being the private IP of the server and translated Ip being the public facing IP. This basically splits the NAT rule internally into two- one for outbound and another for inbound. You can refer to above document given by tpiens to understand this better.

Regards,

Dileep

0 Likes Likes

hshah
L6 Presenter

‎10-22-2014 07:40 AM

Hi Mcocat,

Refer following document that should be enough.

Understanding PAN-OS NAT

Video Link : 1550

NAT Example:

8.8.8.8 - Host on the Internet for which you need NAT to be applicable

1.1.1.1 - Is the Public IP on Untrust

100.1.1.1 - Is the SMTP server on DMZ

SMTP service has TCP port 25 >> Which you need to create

NAT.png

You can repeat the same for other services.

Regars,

Hardik Shah

0 Likes Likes

mcocat
Not applicable

‎10-22-2014 07:54 AM

Wow, thank you all for the help with this. I will review the guides and advice and get this completed. I appreciate all of the help!

0 Likes Likes
  • 3009 Views
  • 6 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks