Solved

Sonicwall site-site VPN with NAT

Posted on 2013-05-14
Last Modified: 2013-06-04
I am being asked to create a site-site VPN with a vendor. They indicate that my private network ID matches a network ID within their large enterprise, so they are wondering if it would be possible to NAT to the private IP of the machine on my side. I am unfamiliar with how to do this with a Sonicwall, so I was wondering if anyone could point me in the right direction.

The site-site VPN allows the vendor to send HL7 formatted messages to a computer on my side of the VPN for a lab results interface that is part of an electronic medical records program.
Question by:Steve Bantz
4 Comments
 
LVL 11

Expert Comment

by:rharland2009
ID: 39166151
Do you mean that your NATed LAN (for example, 192.168.0.0/24) matches some segment on their network as well?
 
LVL 1

Author Comment

by:Steve Bantz
ID: 39166538
Yes.
 
LVL 11

Accepted Solution

by:
rharland2009 earned 600 total points
ID: 39167847
You could likely accomplish this by creating a static NAT entry where one of your public IP addresses is matched with the private address of the machine your vendor wants to access. They would then set up the secure connection with the public IP and hopefully avoid the problem of duplicate private addressing in that way.
 
LVL 7

Expert Comment

by:bclongacre
ID: 39196006
You would need to create an address object for the public IP address and an address object for your target computer, then create a NAT rule that would direct inbound traffic from your WAN interface to your public IP address to the address object of your target internal machine on your LAN interface. I believe you would also need to check the box to create a reflexive policy.

I believe the NAT rule would look something like this:

Original Source: Any, OR if you know the IP address that it would be originating from, create an address object and enter that
Translated Source: the address object of your public IP
Original Destination: the address object for your public IP
Translated Destination: the address object of your target internal computer
Original Service: either a custom Service or Service Group that would cover the specific incoming traffic OR any (not recommended...)
Translated Service: original
Inbound Interface: WAN (the specific interface that your WAN is connected to)
Outbound Interface: LAN (the specific interface that your target internal computer is connected to)

Enable NAT Policy: Check
Create a reflexive policy: Check

You would then also need to ensure that you had a firewall rule in place that would allow the specified traffic to the address object on your WAN interface to traverse to your specified address object on your LAN interface.

The firewall rule would look something like this:

Allow
From Zone: WAN
To Zone: LAN
Service: the Service Group specified in the NAT policy
Source: the Translated Source address object
Destination: the Translated Destination address object

Advanced Tab
Create a reflexive rule: Check
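A simplified model of the destination translation and reflexive policy described in the comment above, as an added example that is not part of the thread and is not SonicWall code. The addresses (documentation ranges), port 6661 and all class and field names are constructed for illustration; it models only destination rewriting inbound and source rewriting in the reflexive direction.

```python
from dataclasses import dataclass, replace
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int

@dataclass(frozen=True)
class NatPolicy:
    orig_src: Optional[str]   # CIDR of allowed senders, or None for "Any"
    orig_dst: str             # address object: public IP
    xlat_dst: str             # address object: internal target computer
    service: Optional[int]    # TCP port of the service, or None for "Any"
    reflexive: bool = True    # "Create a reflexive policy" checkbox

    def inbound(self, p: Packet) -> Optional[Packet]:
        """WAN -> LAN: rewrite the destination when the packet matches."""
        if p.dst != self.orig_dst:
            return None
        if self.orig_src and ip_address(p.src) not in ip_network(self.orig_src):
            return None
        if self.service is not None and p.dport != self.service:
            return None
        return replace(p, dst=self.xlat_dst)

    def outbound(self, p: Packet) -> Packet:
        """LAN -> WAN: the reflexive policy rewrites the source back to the public IP."""
        if self.reflexive and p.src == self.xlat_dst:
            return replace(p, src=self.orig_dst)
        return p

    def audit(self) -> list:
        """Flag "Any" fields. The comment marks Any service as not recommended;
        treating Any source the same way is an assumption of this example."""
        findings = []
        if self.orig_src is None:
            findings.append("Original Source is Any: use the vendor's address object")
        if self.service is None:
            findings.append("Original Service is Any: use a custom service")
        return findings

# Constructed sample values: RFC 5737 documentation addresses, assumed HL7 listener port.
PUBLIC, TARGET, VENDOR, HL7_PORT = "203.0.113.10", "192.168.0.50", "198.51.100.8/29", 6661
TIGHT = NatPolicy(VENDOR, PUBLIC, TARGET, HL7_PORT)   # source and service pinned
LOOSE = NatPolicy(None, PUBLIC, TARGET, None)         # Any / Any
```

With `TIGHT`, only the vendor's range on the HL7 port reaches the internal host; with `LOOSE`, any sender on any port is translated to it, which is what `audit()` reports.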

Question has a verified solution.