Special NAT configuration. Asking about possibility

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Special NAT configuration. Asking about possibility

L3 Networker

I have a working Hub & Spoke VPN network. Computers in Spoke1 can reach the computers in Spoke2 and vice versa. 

For some reason, a particular device in Spoke2 with IP 172.16.200.62 can only be reached by the computers in the same subnet. 

I want to know is it possible to assign a 172.16.200.x IP address to the computers in Spoke1 when they attempt to connect to that special device. I'm not sure this will achieve my target or not, but at least I can learn a new NAT technique if such configuration does exist.

 

The 3 firewalls below are PA-820.

 

HubAndSpoke.jpg

1 accepted solution

Accepted Solutions

L1 Bithead

Hello,

 

Simple fix for this is by creating a NAT rule

Nat from Spoke1 to Spoke2 -

Source Zone - Tunnel Interface Spoke1

Source IP Address - 192.168.100.0/24

Destination Zone  - Tunnel Interface Spoke2

Destination Address - 172.16.200.0/24

Source Translation - Dynamic IP and Port

Translated IP - 172.16.200.100

 

I hope this will help

 

 

View solution in original post

4 REPLIES 4

L4 Transporter

Hello @jeremylo 

Why don't you apply a source NAT on Spoke 2 (hiding all requests to 172.16.200.62 behind the firewall interface 172.16.200.x)?

L1 Bithead

Hello,

 

Simple fix for this is by creating a NAT rule

Nat from Spoke1 to Spoke2 -

Source Zone - Tunnel Interface Spoke1

Source IP Address - 192.168.100.0/24

Destination Zone  - Tunnel Interface Spoke2

Destination Address - 172.16.200.0/24

Source Translation - Dynamic IP and Port

Translated IP - 172.16.200.100

 

I hope this will help

 

 

Bingo! It works!

Thanks Pawel.

Hello Joerg,

This is a solution too. However, I also want to keep track of which computer in Spoke1 have connected to Spoke2.

  • 1 accepted solution
  • 3007 Views
  • 4 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!