PCLANTECHS
Sonicwall 1-to-1 Nat question
Have three public IPs. For example:
xxx.xxx.xxx.183 is used solely for the internal network.
xxx.xxx.xxx.184 is assigned to DVR1.
xxx.xxx.xxx.185 is assigned to DVR2.
The 2 DVRs are routing traffic TCP/UDP EXCLUSIVELY on port 7700.
Currently this setup is being done by using a switch after the cable modem.
We need to route all 3 through one firewall:
Routing would be 1-to-1 NAT:
Assign DVR1 static IP xxx.xxx.xxx.184 to internal private address 10.10.10.101 for TCP/UDP 7700.
Assign DVR2 static IP xxx.xxx.xxx.185 to internal private address 10.10.10.102 for TCP/UDP 7700.
What would the routing table look like for outgoing?
Is this the correct setup?
Thanks
ASKER
Thanks for the response. We are going to use a TZ 170. We actually contacted Sonicwall about this issue and they never mentioned using SonicOS Enhanced?
They stated it would work just as you have. Why would we create a service with the same name?
I was just going to set up the one-to-one and create the inbound and outbound rules, which looks to be what you suggest.
Also, when you publish the public server, does this automatically create the outbound rule?
Thanks
ASKER CERTIFIED SOLUTION
I believe you must have SonicOS Enhanced to be able to do 1-to-1 NAT with multiple IP addresses. The funny thing with the Sonicwall is that you cannot tell it explicitly to listen to the 2 IP addresses, but you can tell it to apply NAT to the different IPs.
First, create 2 services (with the same name), one for TCP 7700 and one for UDP 7700.
Create a NAT rule (possibly using the Public Server Wizard) for the new service to point to your internal IPs. In the public server wizard, if you are using SonicOS Enhanced, it will ask you for "Server Public IP Address". Enter x.x.x.184 or .185 here.
Click on Apply, and you're done.