Solved

Nat Policy SonicWall TZ170

Posted on 2009-05-13
3
1,767 Views
Last Modified: 2013-11-16
SonicWall TZ170
OS- Sonic OS Enhanced 2.1.02
Three zones on the firewall: WAN- 192.168.1.1, LAN- 172.16.1.1, OPT (DMZ)- 10.10.10.1

I am trying to set up a NAT policy from the DMZ to the LAN zone and back.  I want machine A (10.10.10.2) connected to the OPT port to look like it is coming from the LAN Port (172.16.1.1) when it contacts machine b (172.16.1.2) on the LAN using ssh.

[10.10.10.2] >>> [10.10.10.1 OPT-SONICWALL-LAN 172.16.1.1] >>> [172.16.1.2]

In the left margin I went to NETWORK>NAT POLICIES> ADD
Original Source: 10.10.10.2
Translated Source: 172.16.1.1
Original Destination:  10.10.10.1
Translated Destination: 172.16.1.2
Original Service: SSH
Translated Service: SSH
Inbound Interface: ANY
Outbound Interface: ANY

Original Source: 172.16.1.2
Translated Source: 10.10.10.1
Original Destination:  172.16.1.1
Translated Destination: 10.10.10.2
Original Service: SSH
Translated Service: SSH
Inbound Interface: ANY
Outbound Interface: ANY

It takes the policy without error and looks like it should work.

I also setup firewall rules to allow the traffic from the DMZ to the LAN.

I try to ssh from 10.10.10.2 to 172.16.1.2 and the outgoing packet makes it out of the SonicWall, but it has a source address of 10.10.10.2.   The sonicwall is simply passing the packet through and not changing the source address to 172.16.1.1.  So when 172.16.1.2 gets it it doesn't know what to do with it.  No matter what I try the packet passes through the SonicWall with out it being NATed to 172.16.1.1.

I'm looking for any suggestions on this.  I've tried everything I can think of.    
0
Comment
Question by:credog
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 6

Accepted Solution

by:
KevinCovert earned 500 total points
ID: 24376892
Try using a translated IP that is not your gateway IP.  

orig        <<>> translated
10.x.x.2.<<>>172.x.x.3

172.x.x.2 <<>> 10.x.x.3

I would give that a shot first.
0
 
LVL 6

Expert Comment

by:KevinCovert
ID: 24437130
How are you doing on this issue?
0
 

Author Closing Comment

by:credog
ID: 31581024
Sorry it took so long to get back to this issue.  We decided to go another way, so I was unable to try your solution.  Thank you for responding.
0

Featured Post

Webinar May 25: Cloud Security Strategies for SMBs

Small and mid-sized businesses are a driving force behind cloud adoption, and it’s no wonder: cloud benefits are BIG.  But for all the convenience that moving to the cloud provides, where does security come into play?

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Fortigate 100D NTP Issue 4 219
New VoIP phone system - what networking changes should be made 4 250
Sonicwall SHA issue 4 55
Windows ADHow to restrict port 6881 bit Torrent 3 44
Wikipedia defines 'Script Kiddies' in this informal way: "In hacker culture, a script kiddie, occasionally script bunny, skiddie, script kitty, script-running juvenile (SRJ), or similar, is a derogatory term used to describe those who use scripts or…
I found an issue or “bug” in the SonicOS platform (the firmware controlling SonicWALL security appliances) that has to do with renaming Default Service Objects, which then causes a portion of the system to become uncontrollable and unstable. BACK…
I've attached the XLSM Excel spreadsheet I used in the video and also text files containing the macros used below. https://filedb.experts-exchange.com/incoming/2017/03_w12/1151775/Permutations.txt https://filedb.experts-exchange.com/incoming/201…
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question