This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

need help with u-turn nat between zones

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

need help with u-turn nat between zones

mstevenson
Not applicable

‎04-07-2011 07:32 AM

Hi all

I have read through the NAT tech notes and manuals from this site but canot seam to get this feature to work, i have u-turn nat enabled and working brilliantly in the same zone but i cant get the u-turn feature to work between zones/seperate networks. Let me explain our setup and any help would be very appreciated.

Guest Client Network

Source - Guest Laptop: 192.180.0.10

Dest - External webmail IP address: 89.248.148.200

Internal Corporate Network

Internal webmail server: 172.16.0.10

I need users to be able to access the external address of the webmail server from the guest client network. What i would like is so when users on the guest network access the webmail external ip it is routed through the PA and is then routed to the internal network zone. I have setup the u-turn feature in the same zone and that works great, its just when i am trying to do u-turns with different zones that i cant get it to work. I have followed the guide NAT Tech Notes to set the NAT and security rules for the u-turn between zones but they dont seam to be working. Any help would be great!!

Matt

0 Likes Likes
6 REPLIES 6

bpappas
L6 Presenter

‎04-07-2011 07:37 AM

Can you post a screenshot of the NAT rules you configured and a sketch of the network? Seeing this would probably allow us armchair quarterbacks to help figure this out.

-Benjamin

0 Likes Likes

mderksen
L4 Transporter

‎04-07-2011 07:59 AM

From your text I would say the configuration should look like:

NAT: Source Zone; Guestnetwork, Destination Zone; External, Destination; 89.248.148.200, trans dest; 172.16.0.10

Security: Source Zone; Guestnetwork, Destination Zone; Internal, Source IP; guest subnet, Dest IP; 89.248.148.200

But indeed a snapshot from what you configured could help.

Marcel

0 Likes Likes

jochristian
L4 Transporter

‎05-20-2011 04:30 AM

Did you find a solution on this problem? Seems like i'm stuck on a similiar problem.

Jo Christian

/Jo Christian
0 Likes Likes

zanonibs
Not applicable

‎05-21-2011 02:17 PM

The DNS-proxy feature of PAN 4.x can be useful without using U-turn nat.

0 Likes Likes

sherwin33
Not applicable
In response to mderksen

‎08-21-2013 01:33 AM

Hi,

Thanks for this.  I had the same problem for our guest wireless, needing to access out internal web servers.  Using the above NAT and Security policies got this to work!!

0 Likes Likes

mbutt
L5 Sessionator

‎08-21-2013 11:27 AM

The following doc has a good use case example of U-Turn on page 22

https://live.paloaltonetworks.com/docs/DOC-1517

Let us know if this helps.

Thanks

Numan

  • 3911 Views
  • 6 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks