This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Enhanced Security Measures in Place:   To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.

NAT allocation during a pool configuration.

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

NAT allocation during a pool configuration.

nson2139
L3 Networker

‎08-13-2018 06:28 AM

Team,

We have a NAT pool configured for one of the ongoing requirements. Is there a way to force this pool to allocate IP address from start to end as per new requests come in?

 

e.g. NAT pool configured is 10.10.10.1 to 10.10.10.10

IP source is anything between 192.168.10.1 to 192.168.10.10

 

We noticed that if the traffic source is 192.168.10.2 it could take an IP from anywhere in the NAT pool. I want to force it to take a first IP in the pool.

 

Also is it possible to configure something which keeps the last octet static? (this may be too much to ask.)

 

 

Thanks!!!

N.

0 Likes Likes
4 REPLIES 4

BPry
Cyber Elite
Cyber Elite

‎08-13-2018 07:39 AM

@nson2139,

So essentially regardless of the source IP in that range, you want the firewall to NAT with the first available IP in the pool? That really isn't how the NAT process on the firewall is designed, and I'm not sure you'll be able to get this to work at all. 

0 Likes Likes

Remo
L7 Applicator
In response to BPry

‎08-15-2018 04:38 AM

@nson2139

Maybe I do not understand your question, but as long as your effective source and your source NAT IP range are the same soze, then you could use static NAT...

0 Likes Likes

BPry
Cyber Elite
Cyber Elite
In response to Remo

‎08-15-2018 05:32 AM

@Remo,

My understanding of the question was that it didn't matter what the source IP was within the given range, the NAT was desired to be the first unused NAT address within the given range. 

I agree though for something like this a simple static NAT rule would be a bit more resonable as you are mapping 10 different source addresses to 10 different NAT addresses and I presume using Dynamic IP. If a static NAT was setup then you would know exactly what address what going to get which NAT address and you wouldn't have to worry about the way the Dynamic IP process chooses a NAT address out of order. 

0 Likes Likes

Remo
L7 Applicator
In response to BPry

‎08-15-2018 05:54 AM

@BPry

I admit, I never configured it with 10 addresses. But when I used a /24 or /25 as source IP and the same network size as source NAT, the last octett remained the same.

  • 2492 Views
  • 4 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks