Problems with routing two different LANs in the same interface

L2 Linker

Dear Reaper,

When I click on the link for U-Turn NAT it is giving me an error that I do not have permission to open it.


@reaper wrote:

Hi

 

please try configuring U-Turn NAT: How to Configure U-Turn NAT


 

L7 Applicator

Hi Ross

 

ok I see, the server on 10.10.10.0/24 does _not_ have a route back to the firewall

In that case, you will need to treat your server network as if it is 'the internet' and perform source NAT

 

from 'users' to 'servers' sourcenat 10.10.10.9

this will allow your servers to reply to your connections without needing a static route in their own routing table (route add 10.0.0.0 mask 255.255.255.0 10.10.10.2 -p)

you'll need to add a security policy so only 10.0.0.9 is allowed to connect to 10.10.10.0/24 (or the individual IPs of the servers)

here's another link to that article: https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClEiCAK (your issue does not require U-turn)

Tom Piens - PANgurus.com
Like my answer? check out my book! amazon.com/dp/1789956374
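
An added illustration, not part of the reply above or of any Palo Alto tooling: a small Python model of the server's route lookup, showing why the reply only returns to the firewall once the source is translated to 10.10.10.9 or the static route from the post is added. The default gateway 10.10.10.1 and the firewall answering ARP for 10.10.10.9 are assumptions made for the model.

```python
import ipaddress

FIREWALL = "10.10.10.2"    # firewall address on the server LAN (from the route command in the post)
DEFAULT_GW = "10.10.10.1"  # assumption: the servers' existing default gateway, which is not the firewall
NAT_IP = "10.10.10.9"      # source NAT address from the post
CLIENT = "10.0.0.9"        # user address from the post

def table(*entries):
    """Build a routing table as (network, gateway) pairs."""
    return [(ipaddress.ip_network(net), gw) for net, gw in entries]

# Server as described: connected route plus a default route, nothing for 10.0.0.0/24.
SERVER_ROUTES = table(("10.10.10.0/24", "on-link"), ("0.0.0.0/0", DEFAULT_GW))
# Alternative from the post: route add 10.0.0.0 mask 255.255.255.0 10.10.10.2 -p
SERVER_ROUTES_STATIC = SERVER_ROUTES + table(("10.0.0.0/24", FIREWALL))

def next_hop(routes, dst):
    """Longest-prefix match; returns the gateway, 'on-link', or None if no route."""
    addr = ipaddress.ip_address(dst)
    matches = [(net, gw) for net, gw in routes if addr in net]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def reply_reaches_firewall(routes, client_ip, nat_ip=None):
    """The server replies to the source it saw: nat_ip when translated, else client_ip."""
    seen_src = nat_ip or client_ip
    hop = next_hop(routes, seen_src)
    if hop == FIREWALL:
        return True
    # On-link destination: the server ARPs for it directly. Assumption: the
    # firewall answers ARP for its NAT address, so the frame lands on the firewall.
    return hop == "on-link" and nat_ip is not None

if __name__ == "__main__":
    cases = [
        ("no NAT, no static route", SERVER_ROUTES, None),
        ("source NAT to 10.10.10.9", SERVER_ROUTES, NAT_IP),
        ("static route on server", SERVER_ROUTES_STATIC, None),
    ]
    for label, routes, nat in cases:
        ok = reply_reaches_firewall(routes, CLIENT, nat)
        print(f"{label:28s} reply returns via firewall: {ok}")
```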
L2 Linker

Dear Reaper,

Thank you so much for staying with me to help me with this. The link to the article points me to "How to configure U-Turn NAT"; however, you also stated that I do not need U-Turn, so I just want to make sure this is the correct article.

L7 Applicator

hi @rossghanim

 

This article relates to the question asked by adiazm

 

Your issue is different and requires regular source NAT

 

Tom Piens - PANgurus.com
Like my answer? check out my book! amazon.com/dp/1789956374
L2 Linker

Thank you so much Reaper
