Hi, I have a little problem
Consider that we have a server A with the ip address 10.
And server B with the IP adress 20.
And a real IP address of 100.
İ want to set up a NAT, that if a web service comes to ip 100, it would forward this to 10
And if a mail service comes to ip 100 it would forward it to 20.
And would like to both servers to go out with the ip address of 100.
How can i make this?
İ made rule of
dest 100 with service 80 destination nat static to 10
dest 100 with service 25 destination nat static to 20
source 10 any any sourcenat to static 100
source 20 any any sourcenat to static 100
what am i missing here?
after reading couple of documents i have changed the configuration like,
from zone internet to zone internet dest 100 with service 80 destination nat to 10
from zone internet to zone internet dest 100 with service 25 destination nat to 20
and removed the other two rules but nothing changed.
thanks in advance,
Change the source zone and the destination zone to be "Internet".
You can verify the traffic using :
show session all filter source 184.108.40.206
This will provide a list of session IDs associated with the 220.127.116.11 address and tell you the application.
View the individual session using:
show session id ###
This will show you the details, ingress and egress interfaces, NAT and Security rules processing the packet.
Make sure you have a secusity rule that allows from the outside or internet to the inside of your network for the ports or IP addresses mentioned in your NAT rules.
Security rules are post-nat, but NAT is not actually implemented until packet egress. This means that for the inbound, destination-nat packets the external IP's should be used in the policy. For the outbound initiated traffic the internal IP's should be used in the security policy.
The NAT rules are only for the direction the traffic is initiated. Traffic initiated from the Internet will be destination-natted and the return traffic in the same session will correctly use the same natted IP as the source IP. Traffic initiated from the internal network will not hit the first two VNAT rules so you will need an outbound NAT rule. You can have a single source-nat rule that encompasses both internal IP's for your purposes.
How exactly is it not working? Are packets not hitting the Security Policy? Do you see them in the logs but with the incorrect NAT IP's in the details?
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!