Different NAT IP for several user

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Different NAT IP for several user

L4 Transporter

Hi

I need your help with following problem.

Traffic from VPN zone is NATed to one public IP for every VPN traffic.

Today I got task to assign for 3 of those user different NAT IP (or even better: user1 - NAT_1, user2 - NAT_2, user3 - NAT_3 and for the rest of users NAT_4)

How to achieve that?

Regards

SLawek

1 accepted solution

Accepted Solutions

if you can read that document you'll better understand what I want to say.

Using Global Protect with One gateway and both split - full tunnel

Regards

View solution in original post

9 REPLIES 9

L6 Presenter

Hi,

you mean these 3 users do not have static ip ?

yes, this 3 users usinfg GP client so IP is assigned dynamicaly by PA, and with my best knowledge there is no option to do static mapping in PAN 5.x - maybe in 6.0

Hi,

Right, not possible to assign static IP in GP. Mean as there is no "User" crit in NAT rule, the only thing you can do is IP1=> NAT1, IP2=> NAT2 ... but no relatioship with user1, 2 ...

For doing that either create 1 NAT rule per IP or a global one with "Static IP"

Hope help.

v.

>For doing that either create 1 NAT rule per IP or a global one with "Static IP"

Could you be more specific?

I wouldn't create third GP gateway for 3 people Smiley Sad

Slawek

For user1:

Source Zone: VPN

Source IP: IPSource1

Dest Zone: Internet

Dest IP: Any

NAT source: Static IP / IPpub1

Or:

Source Zone: VPN

Source IP: SubnetSource 10.1.1.1/24

Dest Zone: Internet

Dest IP: Any

NAT source: Static IP / SubnetPublic 1.1.1.1/24

Carefull t have same range in SubnetSource and SubnetPublic

v.

Hi Vince

According to your example it will be working under one condition: I must know what IP will get user (one of thouse three) - but I didn't, thats the problem.

Do I understand Your example?

Regards

SLawek

if you will do this only for 3 users, you can use 1portal 3user config with different gateways each(using different ports) so you'll have 3 gw profile, each will have 1 ip pool.

with that config you can achieve that.

for example :

user1 will connect to portal ip:port1

user2 will connect to portal ip:port2

user3 will connect to portal ip:port3

other users will connect to portal without port(so it will use 443)

you can use 1 portal but inside 3 profiles and each profile will have different GW with different users, 4th profile will be for any user so it is working from up to down.

on GW config you will have 4 seperate GW config.So you can use 4 seperate pools.

Then you'll NAT each ip address for the one you want.

if you can read that document you'll better understand what I want to say.

Using Global Protect with One gateway and both split - full tunnel

Regards

Thank You! I think that in 5.x PAN it is the only way that I can get what I want.

Regards

SLawek

  • 1 accepted solution
  • 4002 Views
  • 9 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!