jasgot

Turn off NAT for remote network on Sonicwall Enhanced OS

I have two locations, each with their own ISP. I have a Site-To-Site VPN between two Sonicwalls (one at each location) with enhanced firmware.

Everything is working fine.

We are now getting a new ISP. MPLS service. The new ISP is going to build the VPN tunnel between our two stores. They have asked that I make sure I do not NAT the traffic that is destined for the other store.

I notice in my NAT policies on both sonicwalls, there is a rule that NATs "all interface IP" to "Wan Primary IP".

I believe this is what they are asking about.

How do I make it so the traffic going to our other store is not NAT'd?

Thanks.
Carl Dula

The NAT policy you are talking about is auto added, which means you cannot delete it.

This policy should not represent a problem for what you have been asked to do.
jasgot

ASKER

It does. I cannot NAT any of the outgoing traffic to 192.168.2.X

You are going to have to provide more information. Are you currently trying to use the "new" ISP service and that is a problem? If so, where is VPN tunnel created, on the Sonicwall or by the ISP? What are the ip ranges at each end of the tunnel, both LAN and WAN, and what interfaces have you used?

ASKER

I'm not sure how the ISP is routing the traffic. If it is a VPN, they are handling it and my traffic will never know about it.

Store one: 192.168.1.X
Store two: 192.168.2.x

Both locations have a public IP on the WAN port of the Sonicwall. They are asking me to route the 192.168.1.x traffic out the WAN port without NAT. (The same for the other store, but it is 192.168.2.x that will be routed.)

I don't see a way to stop NATing traffic based on destination. I think I will have to ask the ISP for another public IP on another subnet and apply it to the X2 or X3 port, then I can route all 192.168.1.x traffic out that interface.

Are you saying that the ISP told you that if you send traffic from 192.168.1.x to a 192.168.2.x address that they are handling the routing for you? Assuming this is in place and connected/working, use the Sonicwall SYSTEM->DIAGNOSTICS-Diagnostic Tools to first ping something on the other LAN. If that works, then switch to TraceRoute and see how the traffic is getting there.

Dear,

If your ISP is providing an MPLS connection to you, that means (ideally) they will be providing you a PTP connection from Site "A" to Site "B". In MPLS, the ISP puts two modems, one on Site A and the other on Site B, does the routing at their own end, and provides you dedicated bandwidth.

If all of the above is "YES", then you need to have an L3 switch to do the routing part for you. If all of the above is yes, please let me know for further configuration.

ASKER

This same MPLS connection will also be the internet connection.
ASKER CERTIFIED SOLUTION
jasgot


ASKER

Sonicwall cannot operate one of the extra interfaces as non-NAT.