cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

need help with u-turn nat between zones

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Reply
mstevenson
Not applicable
‎04-07-2011 07:32 AM
‎04-07-2011 07:32 AM

need help with u-turn nat between zones

Hi all

I have read through the NAT tech notes and manuals from this site but canot seam to get this feature to work, i have u-turn nat enabled and working brilliantly in the same zone but i cant get the u-turn feature to work between zones/seperate networks. Let me explain our setup and any help would be very appreciated.

Guest Client Network

Source - Guest Laptop: 192.180.0.10

Dest - External webmail IP address: 89.248.148.200

Internal Corporate Network

Internal webmail server: 172.16.0.10

I need users to be able to access the external address of the webmail server from the guest client network. What i would like is so when users on the guest network access the webmail external ip it is routed through the PA and is then routed to the internal network zone. I have setup the u-turn feature in the same zone and that works great, its just when i am trying to do u-turns with different zones that i cant get it to work. I have followed the guide NAT Tech Notes to set the NAT and security rules for the u-turn between zones but they dont seam to be working. Any help would be great!!

Matt

0 Likes
Reply
bpappas
L6 Presenter
‎04-07-2011 07:37 AM
‎04-07-2011 07:37 AM

Can you post a screenshot of the NAT rules you configured and a sketch of the network? Seeing this would probably allow us armchair quarterbacks to help figure this out.

-Benjamin

0 Likes
Reply
mderksen
L4 Transporter
‎04-07-2011 07:59 AM
‎04-07-2011 07:59 AM

From your text I would say the configuration should look like:

NAT: Source Zone; Guestnetwork, Destination Zone; External, Destination; 89.248.148.200, trans dest; 172.16.0.10

Security: Source Zone; Guestnetwork, Destination Zone; Internal, Source IP; guest subnet, Dest IP; 89.248.148.200

But indeed a snapshot from what you configured could help.

Marcel

0 Likes
Reply
jochristian
L4 Transporter
‎05-20-2011 04:30 AM
‎05-20-2011 04:30 AM

Did you find a solution on this problem? Seems like i'm stuck on a similiar problem.

Jo Christian

/Jo Christian
0 Likes
Reply
zanonibs
Not applicable
‎05-21-2011 02:17 PM
‎05-21-2011 02:17 PM

The DNS-proxy feature of PAN 4.x can be useful without using U-turn nat.

0 Likes
Reply
sherwin33
Not applicable
‎08-21-2013 01:33 AM
‎08-21-2013 01:33 AM

Hi,

Thanks for this.  I had the same problem for our guest wireless, needing to access out internal web servers.  Using the above NAT and Security policies got this to work!!

0 Likes
Reply
mbutt
L5 Sessionator
‎08-21-2013 11:27 AM
‎08-21-2013 11:27 AM

The following doc has a good use case example of U-Turn on page 22

https://live.paloaltonetworks.com/docs/DOC-1517

Let us know if this helps.

Thanks

Numan

Reply
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

Latest Blogs
Latest Posts
Privacy Policy Terms of Use
Copyright 2007 - 2021 - Palo Alto Networks