Solved

Watchguard 1:1 Nat Issue

Posted on 2012-04-04
3
730 Views
Last Modified: 2012-08-13
We have an xtm22 watchguard (should be similar on all models) but we have 2 external ip addresses for the sake of this ill use 1.1.1.1 and 1.1.1.2.
the watchguard external ip address is 1.1.1.1 and dynamic nat is using this for outgoing traffic and inbound main services SNAT using this. the issue i have is a webserver using 1:1 NAT of 1.1.1.2 -> 192.168.100.2 is not allowing internal users to connect using the external ip address i.e http://1.1.1.2. (it works fine from the outside)
could the issue be the way the watchguard handles this traffic now its 1:1 nat rather than just an snat like it used to be (which worked fine but outbound traffice wouldnt use 1.1.1.2, it would use 1.1.1.1 which was not wanted.)
0
Comment
Question by:active8it
  • 2
3 Comments
 
LVL 3

Accepted Solution

by:
unsatiated earned 300 total points
ID: 37806129
Please provide a little more detail on the current configuration.  Where does the web server reside?  In a DMZ?  If the server is on the inside lan?  The reason your internal clients cannot browse to the 1.1.1.2 address is because that NAT is based on the external network interface.  You cannot traverse out that interface from your internal network to simply reach a device within your network.  You will require either utilizing the 192.168.100.2 ip address or NAT that IP to a different one on your internal interface.
0
 
LVL 2

Author Comment

by:active8it
ID: 37806274
correction the 1:1 nat is working outbound so for example the webserver does identify itself online as 1.1.1.2.
but to simplify trying to access 1.1.1.2 from other sites etc fails. the watchguard shows unhandled packet for example on http://1.1.1.2. ive tried both snat rule so: 1.1.1.2>snat>192.168.100.2 and also just 1.1.1.2>allow>192.168.100.2 both seem to give same result.
0
 
LVL 3

Expert Comment

by:unsatiated
ID: 37806498
What port are you attempting to connect on?  I assume 80.  In the firewall, have you created a allowance for that port to this server as well?
0

Featured Post

Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

Join & Write a Comment

Nothing in an HTTP request can be trusted, including HTTP headers and form data.  A form token is a tool that can be used to guard against request forgeries (CSRF).  This article shows an improved approach to form tokens, making it more difficult to…
Big data transfers via information superhighways require special attention and protection. Learn more about the IT-regulations of the country where your server is located. Analyze cloud providers and their encryption systems for safe data transit. S…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Illustrator's Shape Builder tool will let you combine shapes visually and interactively. This video shows the Mac version, but the tool works the same way in Windows. To follow along with this video, you can draw your own shapes or download the file…

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

25 Experts available now in Live!

Get 1:1 Help Now