  • Status: Solved

Turn off NAT for remote network on Sonicwall Enhanced OS

I have two locations, each with their own ISP. I have a Site-To-Site VPN between two Sonicwalls (one at each location) with enhanced firmware.

Everything is working fine.

We are now getting a new ISP. MPLS service. The new ISP is going to build the VPN tunnel between our two stores. They have asked that I make sure I do not NAT the traffic that is destined for the other store.

I notice in my NAT policies on both sonicwalls, there is a rule that NATs "all interface IP" to "Wan Primary IP".

I believe this is what they are asking about.

How do I make it so the traffic going to our other store is not NAT'd?

Thanks.
Asked by: jasgot
 
carlmd Commented:
The NAT policy you are talking about is auto added, which means you cannot delete it.

This policy should not represent a problem for what you have been asked to do.
 
jasgot (Author) Commented:
It does. I cannot NAT any of the outgoing traffic to 192.168.2.X
 
carlmd Commented:
You are going to have to provide more information. Are you currently trying to use the "new" ISP service and that is a problem? If so, where is the VPN tunnel created, on the Sonicwall or by the ISP? What are the IP ranges at each end of the tunnel, both LAN and WAN, and what interfaces have you used?
jasgot (Author) Commented:
I'm not sure how the ISP is routing the traffic. If it is a VPN, they are handling it and my traffic will never know about it.

Store one: 192.168.1.X
Store two: 192.168.2.x

Both locations have a public IP on the WAN port of the Sonicwall. They are asking me to route the 192.168.1.x traffic out the WAN port without NAT. (The same for the other store, but it is 192.168.2.x that will be routed.)

I don't see a way to stop NATing traffic based on destination. I think I will have to ask the ISP for another public IP on another subnet and apply it to the X2 or X3 port, then I can route all 192.168.1.x traffic out that interface.
 
carlmd Commented:
Are you saying that the ISP told you that if you send traffic from 192.168.1.x to a 192.168.2.x address that they are handling the routing for you? Assuming this is in place and connected/working, use the Sonicwall SYSTEM->DIAGNOSTICS-Diagnostic Tools to first ping something on the other LAN. If that works, then switch to TraceRoute and see how the traffic is getting there.
 
Syed_M_Usman Commented:
Dear,

If your ISP is providing an MPLS connection to you, it means (ideally) they will be providing you a PTP connection from Site "A" to Site "B". In MPLS, the ISP puts two modems, one on Site A and the other on Site B, does the routing at their own end, and provides you dedicated bandwidth.

If all above is "YES", then you need to have an L3 switch to do the routing part for you. If all of the above is yes, please let me know for further configuration.
 
jasgot (Author) Commented:
This same MPLS connection will also be the internet connection.
 
jasgot (Author) Commented:
Not possible with Sonicwall.
 
jasgot (Author) Commented:
Sonicwall cannot operate one of the extra interfaces as non-NAT.
