Turn off NAT for remote network on Sonicwall Enhanced OS

I have two locations, each with their own ISP. I have a Site-To-Site VPN between two Sonicwalls (one at each location) with enhanced firmware.

Everything is working fine.

We are now getting a new ISP. MPLS service. The new ISP is going to build the VPN tunnel between our two stores. They have asked that I make sure I do not NAT the traffic that is destined for the other store.

I notice in my NAT policies on both sonicwalls, there is a rule that NATs "all interface IP" to "Wan Primary IP".

I believe this is what they are asking about.

How do I make it so the traffic going to our other store is not NAT'd?

Thanks.
jasgot Asked:
 
jasgot (Author) Commented:
Not possible with Sonicwall.
 
carlmd Commented:
The NAT policy you are talking about is auto-added, which means you cannot delete it.

This policy should not represent a problem for what you have been asked to do.
 
jasgot (Author) Commented:
It does. I cannot NAT any of the outgoing traffic to 192.168.2.X
 
carlmd Commented:
You are going to have to provide more information. Are you currently trying to use the "new" ISP service and that is a problem? If so, where is the VPN tunnel created, on the Sonicwall or by the ISP? What are the IP ranges at each end of the tunnel, both LAN and WAN, and what interfaces have you used?
 
jasgot (Author) Commented:
I'm not sure how the ISP is routing the traffic; if it is a VPN, they are handling it and my traffic will never know about it.

Store one: 192.168.1.X
Store two: 192.168.2.x

Both locations have a public IP on the WAN port of the Sonicwall. They are asking me to route the 192.168.1.x traffic out the WAN port without NAT. (The same for the other store, but it is 192.168.2.x that will be routed.)

I don't see a way to stop NATing traffic based on destination. I think I will have to ask the ISP for another public IP on another subnet and apply it to the X2 or X3 port, then I can route all 192.168.1.x traffic out that interface.
 
carlmd Commented:
Are you saying that the ISP told you that if you send traffic from 192.168.1.x to a 192.168.2.x address that they are handling the routing for you? Assuming this is in place and connected/working, use the Sonicwall SYSTEM->DIAGNOSTICS-Diagnostic Tools to first ping something on the other LAN. If that works, then switch to TraceRoute and see how the traffic is getting there.
 
Syed_M_Usman (System Administrator) Commented:
Dear,

If your ISP is providing an MPLS connection to you, that means (ideally) they will be providing you a PTP connection from Site "A" to Site "B". In MPLS, the ISP puts two modems, one on Site A and the other on Site B, does the routing at their own end, and provides you dedicated bandwidth.

If all of the above is "YES", then you need to have an L3 switch to do the routing part for you. If all of the above is yes, please let me know for further configuration.
 
jasgot (Author) Commented:
This same MPLS connection will also be the internet connection.
 
jasgot (Author) Commented:
Sonicwall cannot operate one of the extra interfaces as non-NAT.
Question has a verified solution.
