Overload and Fixed IP Nat rule

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Overload and Fixed IP Nat rule

L1 Bithead

Hello, i am trying to do somehting that hosuld be very simple and straight forward but for some reasons, its not working.

My customer has two internet connections : ADSL and IP-SHDSL used as below :

ADSL router used for all browsing (from all users ) -copnnected to ethernet 1/1

IP-SHDSL Router used only for  Fixed IP services :- Exchange Server and SQL Server - connected to ethernet 1/4

Exchange has a public IP of 197.227.1.121 and internal IP of 172.16.2.3

SQL Has a Public IP of 197.227.1.124 and internal IP of 172.16.2.13

I am trying to configure the PA-500 so that all users go out to internet via the ADSL connection (workign wonderfully)

But I want traffic from the Exchange and the SQL to go out to internet via the IP-SHDSL with their public IP address, this part is not working at all.

any ideas  out there ?

regards,

9 REPLIES 9

Not applicable

Policy Base Forwarding rules are there for that

Rule 1: Exchange server to internet will exit on SDSL interface

Rule 2: Exchange server to internet will exit on SDSL interface

Rule 3: all other traffic to internet will exit on cheap internet line

Have tried that, but not working...

Did you also create bi-directional NAT rules for SQL and mail server?

You should post a screenshot of your filetring rules, PBF, NAT and network interfaces. I have some use case with 3 internet lines and no problem....

See attached configuration snapshot.

Sorry, I had added this long comment then discovered you had set the rules to bi-directional.

Hi

I noticed your PBF rules lack a next hop

You'll need this next hop IP to route your traffic out to the next router so it will be able to go out to the internet.

regards

Tom

Tom Piens
PANgurus - Strata specialist; config reviews, policy optimization

I have corrected that give the IP address of the SDSL router, but still it does not go through.

i do a simple tracer from the Ex server to outside and i see that the trace hangs on reaching the PAN (172.16.2.1) after that it seems it can't get the route tight.

Uploading some new configuration so you can see exactly what I have and where i might have gone wrong.

regards,

Hello, Please open a case with support if you continue to have problems and we can take a detailed look.

Thanks

  • 16332 Views
  • 9 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!