This website uses cookies essential to its operation, for analytics, and for personalized content. By continuing to browse this site, you acknowledge the use of cookies.
For details on cookie usage on our site, read our Privacy Policy
Accept
Reject

One-to-One NAT - DMZ to inside - how do I make it work?

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

One-to-One NAT - DMZ to inside - how do I make it work?

darren_g
L4 Transporter

‎08-25-2013 08:44 PM

Folks.

I'm apparently having a particularly stupid day, because I can;t make something as simple as one-to-one NAT work.

Scenario is this.

I have an IP in my DMZ. I have assigned this IP to a particular server which is hosted on my INSIDE (secure) network.

All I want to do is take this IP address and NAT it to the inside address. Something like this

IP addresses have been changed to protect the stupid (me!).

So - request comes in from the web to 1.2.3.91, and I want to redirect it to 10.100.1.120 - only needs web browsing and PING.

but I can not, for the life of me, get it right.

I've got the following NAT rule

Original packet

Source Zone - Outside

Destination Zone - DMZ

Source Address - Any

Destination Address - 1.2.3.91

Translated Packet

Source Translation : None

Destination translation : 10.100.1.120

The security policy is as follows

Source : Outside

Source Address : Any

Destination : Inside

Destination Address : 10.100.1.120

I'm happy for anyone to point out where I'm being stupid and laugh at me - I know it's something obvious, but I'm banging my head trying to sort out what.

thanks

18 REPLIES 18

HULK
L7 Applicator

‎08-25-2013 09:01 PM

Apply the NAT from Zone --" Outside" to zone" Outside".  NAT lookup happens  PANFW before translate the original packet ( Public IP address).

Thanks

0 Likes Likes

HULK
L7 Applicator

‎08-25-2013 09:08 PM

Hello Sir,

Please go through the below mentioned documents.

Understanding PAN-OS NAT >>>>>>> Page No 15

     

Thanks

0 Likes Likes

HULK
L7 Applicator

‎08-25-2013 09:17 PM

Hello,

Please find below an example of One-to-one NAT.

D-NAT-1.JPG.jpg

D-NAT-2.JPG.jpg

Hope it helps.

Thanks

0 Likes Likes

darren_g
L4 Transporter
In response to HULK

‎08-25-2013 09:26 PM 

HULK wrote:




Hello Sir,




Please go through the below mentioned documents.




Understanding PAN-OS NAT >>>>>>> Page No 15


     




Thanks

Did that before I asked the dumb question. As far as I can tell, what I have now configured matches - and the damn thing still isn't working.

0 Likes Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Copyright 2007 - 2023 - Palo Alto Networks