This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

PA-850 Static NAT between 2 Switches

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

PA-850 Static NAT between 2 Switches

zbSA24
L1 Bithead

‎03-08-2024 09:01 AM

Hello all.  Looking for help here.  I am trying to create a static NAT between two switches using a vwire, but it doesn't seem to be working.  Can someone please provide steps on how to make this happen?  I do not wish to insert routers between the switches, and wasn't sure if this was possible.  I'm new to networking and firewalls, and have been tasked to try and figure this out.  Any help would be greatly appreciated.

 

Thanks in advance!

Zach (a struggling SA)

0 Likes Likes
7 REPLIES 7

Claw4609
Cyber Elite
Cyber Elite

‎03-08-2024 09:25 AM - edited ‎03-08-2024 09:26 AM

Hello,

 

What does your NAT rule look like? And what exactly is happening, is it not translating? 

 

Heres an example for the docs: Virtual Wire Static NAT Example (paloaltonetworks.com)

0 Likes Likes

zbSA24
L1 Bithead
In response to Claw4609

‎03-08-2024 09:41 AM

So I've been looking at that example myself, and i can't figure out if those routers are physical routers or are they the virtual routers offered in the firewall?

0 Likes Likes

zbSA24
L1 Bithead

‎03-08-2024 09:42 AM

When i try to test the NAT, it says no Rule matched. Unfortunately, my equipment is not on an unclass platform that i can take pictures and stuff.

0 Likes Likes

zbSA24
L1 Bithead
In response to zbSA24

‎03-08-2024 09:59 AM

here is something i drew up on pp to try and illustrate my problem.  my rules matched what was in the document.

Preview file
141 KB
0 Likes Likes

Claw4609
Cyber Elite
Cyber Elite

‎03-08-2024 11:36 AM - edited ‎03-08-2024 11:37 AM

I guess Im confused from your picture what you're trying to NAT. In the document those are two routers, not virtual routers on the firewall. Those two routers are not being NAT between each other. One is 198.51.100.1 and the other is 198.51.100.2, with .2 having a route for 198.51.100.100/32 pointing to the other router of .1.

 

What are you trying to translate to what and what are you trying to solve? If youre trying to have 192.51.100.1/28 route to 192.51.100.2/28 and you have the Palo in-between you wouldn't need to necessarily nat between the two, they would just have to have routes to know where to go.

0 Likes Likes

zbSA24
L1 Bithead
In response to Claw4609

‎03-08-2024 12:07 PM

Ok, so my inside switch has a vlan with an ip of 192.51.100.x, and I am trying to translate that to a vlan on my outside switch, to an ip of 22.59.95.x.

0 Likes Likes

zbSA24
L1 Bithead
In response to zbSA24

‎03-08-2024 12:08 PM

the PA-850 doesn't like it because it says the translated address isn't in the same subnet (or network for that matter).  But isn't that the purpose of the NAT?

0 Likes Likes
  • 1248 Views
  • 7 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks