typertec
asked on
NS-500 Source translation
Can someone tell me what is happening when you create a policy and specify SOURCE TRANSLATION on a NetScreen?
I had to set up a VPN on the NetScreen concentrator to a PIX515. At first the PIX was able to get to my host but when I looked at the policy I saw traffic received, but none sent. We have overlapping Proxy IDs. I had to EDIT the policy and select "SOURCE TRANSLATION" for it to work.
Is the SOURCE TRANSLATION the same as the PIX's NONAT command?
ASKER
Yes I see that. It's translating the source IP address to the EGRESS interface (Untrust interface). Why does it work when I have that checked? So in other words, when the packet comes into the NS-500 it looks like it's coming from the EGRESS interface.
When I'm not doing "SOURCE translation" and the other side does a ping test, I can see the policy logs showing bytes sent, but nothing received.
When I check SOURCE INTERFACE, then the other side is able to get the replies back.
ASKER CERTIFIED SOLUTION
You will see that the source address and the translated source address are different. It will either be set to the external interface IP that the firewall is set to or to a DIP that you set up on the external interface. This means that the firewall is translating or performing a NAT for the source address.