Watchguard 1:1 Nat Issue

We have an xtm22 watchguard (should be similar on all models) but we have 2 external ip addresses for the sake of this ill use 1.1.1.1 and 1.1.1.2.
the watchguard external ip address is 1.1.1.1 and dynamic nat is using this for outgoing traffic and inbound main services SNAT using this. the issue i have is a webserver using 1:1 NAT of 1.1.1.2 -> 192.168.100.2 is not allowing internal users to connect using the external ip address i.e http://1.1.1.2. (it works fine from the outside)
could the issue be the way the watchguard handles this traffic now its 1:1 nat rather than just an snat like it used to be (which worked fine but outbound traffice wouldnt use 1.1.1.2, it would use 1.1.1.1 which was not wanted.)
LVL 2
active8itAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

unsatiatedCommented:
Please provide a little more detail on the current configuration.  Where does the web server reside?  In a DMZ?  If the server is on the inside lan?  The reason your internal clients cannot browse to the 1.1.1.2 address is because that NAT is based on the external network interface.  You cannot traverse out that interface from your internal network to simply reach a device within your network.  You will require either utilizing the 192.168.100.2 ip address or NAT that IP to a different one on your internal interface.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
active8itAuthor Commented:
correction the 1:1 nat is working outbound so for example the webserver does identify itself online as 1.1.1.2.
but to simplify trying to access 1.1.1.2 from other sites etc fails. the watchguard shows unhandled packet for example on http://1.1.1.2. ive tried both snat rule so: 1.1.1.2>snat>192.168.100.2 and also just 1.1.1.2>allow>192.168.100.2 both seem to give same result.
0
unsatiatedCommented:
What port are you attempting to connect on?  I assume 80.  In the firewall, have you created a allowance for that port to this server as well?
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Network Security

From novice to tech pro — start learning today.