01-09-2014 11:34 AM
Hi
I need your help with following problem.
Traffic from the VPN zone is NATed to one public IP for all VPN traffic.
Today I got a task to assign different NAT IPs to 3 of those users (or even better: user1 - NAT_1, user2 - NAT_2, user3 - NAT_3 and NAT_4 for the rest of the users).
How to achieve that?
Regards
SLawek
01-09-2014 11:52 AM
Hi,
You mean these 3 users do not have a static IP?
01-10-2014 02:07 AM
Yes, these 3 users are using the GP client, so the IP is assigned dynamically by PA, and to the best of my knowledge there is no option to do static mapping in PAN 5.x - maybe in 6.0.
01-10-2014 02:45 AM
Hi,
Right, it is not possible to assign a static IP in GP. Meaning, as there is no "User" criterion in a NAT rule, the only thing you can do is IP1 => NAT1, IP2 => NAT2 ... but with no relationship to user1, 2 ...
For doing that, either create 1 NAT rule per IP or a global one with "Static IP".
Hope this helps.
v.
01-10-2014 02:54 AM
> For doing that either create 1 NAT rule per IP or a global one with "Static IP"
Could you be more specific?
I wouldn't create a third GP gateway for 3 people.
Slawek
01-10-2014 05:01 AM
For user1:
Source Zone: VPN
Source IP: IPSource1
Dest Zone: Internet
Dest IP: Any
NAT source: Static IP / IPpub1
Or:
Source Zone: VPN
Source IP: SubnetSource 10.1.1.1/24
Dest Zone: Internet
Dest IP: Any
NAT source: Static IP / SubnetPublic 1.1.1.1/24
Be careful to have the same range in SubnetSource and SubnetPublic.
v.
01-11-2014 03:59 AM
Hi Vince
According to your example, it will work under one condition: I must know what IP the user will get (one of those three) - but I don't, that's the problem.
Do I understand your example?
Regards
SLawek
01-18-2014 11:58 AM
If you will do this only for 3 users, you can use a 1 portal, 3 user config with a different gateway each (using different ports), so you'll have 3 GW profiles, and each will have 1 IP pool.
With that config you can achieve that.
For example:
user1 will connect to portal ip:port1
user2 will connect to portal ip:port2
user3 will connect to portal ip:port3
other users will connect to the portal without a port (so it will use 443)
You can use 1 portal but with 3 profiles inside, and each profile will have a different GW with different users; the 4th profile will be for any user, so it works from top to bottom.
In the GW config you will have 4 separate GW configs, so you can use 4 separate pools.
Then you'll NAT each IP address to the one you want.
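An added example (not part of the original post and not Palo Alto's own tooling): a Python check of the per-gateway pool plan described above, confirming that the pools do not overlap and that every address in a pool leaves through exactly one public IP when NAT rules are evaluated top to bottom, first match wins. The gateway names, rule names, pool subnets and public IPs are constructed placeholders.

```python
import ipaddress

# Constructed plan: one gateway pool per user plus a shared pool (placeholder values).
POOLS = {
    "gw-user1": "10.10.1.0/29",
    "gw-user2": "10.10.2.0/29",
    "gw-user3": "10.10.3.0/29",
    "gw-default": "10.10.100.0/24",
}
# NAT rules in evaluation order: (rule name, source subnet, translated public IP).
NAT_RULES = [
    ("nat-user1", "10.10.1.0/29", "203.0.113.1"),
    ("nat-user2", "10.10.2.0/29", "203.0.113.2"),
    ("nat-user3", "10.10.3.0/29", "203.0.113.3"),
    ("nat-default", "10.10.100.0/24", "203.0.113.4"),
]

def overlapping_pools(pools):
    """Pairs of gateways whose pools overlap (a user's source IP would be ambiguous)."""
    nets = {name: ipaddress.ip_network(cidr) for name, cidr in pools.items()}
    names = sorted(nets)
    return [(a, b) for i, a in enumerate(names) for b in names[i + 1:]
            if nets[a].overlaps(nets[b])]

def translate(src_ip, rules):
    """First-match lookup: returns (rule name, public IP) or (None, None)."""
    ip = ipaddress.ip_address(src_ip)
    for name, cidr, public in rules:
        if ip in ipaddress.ip_network(cidr):
            return name, public
    return None, None

def shadowed_rules(rules):
    """Rules that can never match because an earlier rule covers their whole source."""
    shadowed = []
    for i, (name, cidr, _) in enumerate(rules):
        net = ipaddress.ip_network(cidr)
        if any(net.subnet_of(ipaddress.ip_network(c)) for _, c, _ in rules[:i]):
            shadowed.append(name)
    return shadowed

def pool_nat_map(pools, rules):
    """Public IP seen for each pool; raises if a pool is split or left untranslated."""
    result = {}
    for gw, cidr in pools.items():
        publics = {translate(str(h), rules)[1] for h in ipaddress.ip_network(cidr).hosts()}
        if len(publics) != 1 or None in publics:
            raise ValueError(f"{gw}: pool maps to {sorted(map(str, publics))}")
        result[gw] = publics.pop()
    return result
```
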
01-18-2014 12:01 PM
If you can read that document, you'll better understand what I want to say.
Using Global Protect with One gateway and both split - full tunnel
Regards
01-19-2014 02:08 AM
Thank you! I think that in PAN 5.x it is the only way that I can get what I want.
Regards
SLawek