Source and destination both NAT required for inbound connection on Azure...

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Source and destination both NAT required for inbound connection on Azure...

L1 Bithead

Hi Team,

 

On public cloud Azure, why we need to translate source address also for Destination NAT?

When i am translating source with trust interface IP it is working fine but when i am keeping the address as original it is not working. 

Kindly let me know is there any limitation on Public cloud for that we require source translation as well?

 

Regards,

Om Prasad 

2 REPLIES 2

L4 Transporter

Hello @omprasadax 

This mainly depends on how the routing is configured. Azure is very kind and adds routes of peered vNets and so on. Unfortunately this is not what we need when using a NVA.

Check the effective route on the servers, and overwrite the routing accordingly. Asynchronous routing has to be prevented.

L2 Linker

It's due to the return path routing.  If you were using a single firewall or an HA pair, you would need to have your 0/0 route pointing back to the firewall to maintain symmetry.  Typically, it is recommended to use an App Gateway in front of the firewalls which can insert the XFF header if the traffic is HTTP.

  • 2640 Views
  • 2 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!