SonicWall Policy NAT

I want to config a Sonicwall 2400 to NAT the LAN IP 172.16.0.0/24 to 10.76.0.100 IF the DESTINATION is 10.75.0.0/24.   The 10.76.0.0/24 Network is on another internal router but I need to NAT it due to 172.16.0.0/24 IP overlap on a L2L VPN.  

Is it possible to NAT on a LAN interface and then add a static route(NAT IP 10.76.0.100) to another inside router(10.76.0.1) using the SonicWall 2400?
LVL 3
hanckeAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

digitapCommented:
Yes.  The instructions show how to NAT before sending over a VPN which is essentially what's happening.  The sonicwall sees where the source IP is going and that it must NAT that to a "local hide" IP, then sends it to the destination.  If you don't need it to go over a VPN, then you can ignore the VPN steps in the instructions provided by rfc1180.
0
hanckeAuthor Commented:
Do you know if Sonicwall will NAT LAN traffic without it going out the WAN?  Basically will it NAT on the same interface without going across 2 interfaces?

I'll try the NAT portion of the VPN setup.
0
Webinar: Miercom Evaluates Wi-Fi Security

It's not just about Wi-Fi connectivity anymore. A wireless security breach can cost your business large amounts of time, trouble, and expense. Plus, hear first-hand from Miercom how WatchGuard's Wi-Fi security stacks up against the competition in our upcoming webinar!

digitapCommented:
Possibly.  You'd just need to make sure you get the NAT correct.  If you have enhanced OS, you can get fairly granular with the NAT rules.

I've always used this when i needed to mask a local network when the destination network was using the same IP network.
0
digitapCommented:
I think you'd do it like this:

Original Source: 172.16.0.0/24
Translated Source: 10.76.0.100

Original Destination: 10.75.0.0/24
Translated Destination: Original

Original Service: Any
Translated Service: Original

Inbound Interface: Any
Outbound Interface: Any

When you create the NAT, click the box for Creating a reflexive policy to NAT the traffic back to the local network.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
hanckeAuthor Commented:
I have the NAT policies built and the routing setup.  I'll have to try it Monday when I can get to a PC to test it.
I've done NAT policy and policy routing but it has always been to the WAN or VPN.  Never just on the LAN.
Thanks for the help!
0
digitapCommented:
yes...the most complicated i've managed is a point to point VPN where the primary IP networks were the same, but each side had other networks that weren't NAT'd.  it's fun.
0
digitapCommented:
thanks for the points!
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Software Firewalls

From novice to tech pro — start learning today.