Solved

Sonicwall site-site VPN with NAT

Posted on 2013-05-14
Last Modified: 2013-06-04
I am being asked to create a site-site VPN with a vendor. They indicate that my private network ID matches a network ID within their large enterprise, so they are wondering if it would be possible to NAT to the private IP of the machine on my side. I am unfamiliar with how to do this with a Sonicwall, so I was wondering if anyone could point me in the right direction.

The site-site VPN allows the vendor to send HL7 formatted messages to a computer on my side of the VPN for a lab results interface that is part of an electronic medical records program.
Question by:Steve Bantz

Expert Comment

by:rharland2009
ID: 39166151
Do you mean that your NATed LAN (for example, 192.168.0.0/24) matches some segment on their network as well?

Author Comment

by:Steve Bantz
ID: 39166538
Yes.

Accepted Solution

by:rharland2009 (earned 200 total points)
ID: 39167847
You could likely accomplish this by creating a static NAT entry where one of your public IP addresses is matched with the private address of the machine your vendor wants to access. They would then set up the secure connection with the public IP and hopefully avoid the problem of duplicate private addressing in that way.

Expert Comment

by:bclongacre
ID: 39196006
You would need to create an address object for the public IP address and an address object for your target computer, then create a NAT rule that would take inbound traffic from your WAN interface to your public IP address to be directed to the address object of your target internal machine's address object on your LAN interface. I believe you would also need to check the box to create a reflexive policy.

I believe the NAT rule would look something like this:

Original Source: Any, OR if you know the IP address that it would be originating from, create an address object and enter that
Translated Source: the address object of your public IP
Original Destination: the address object for your public IP
Translated Destination: the address object of your target internal computer
Original Service: either a custom Service or Service Group that would cover the specific incoming traffic OR any (not recommended...)
Translated Service: original
Inbound Interface: WAN (the specific interface that your WAN is connected to)
Outbound Interface: LAN (the specific interface that your target internal computer is connected to)

Enable NAT Policy: Check
Create a reflexive policy: Check

You would then also need to ensure that you had a firewall rule in place that would allow the specified traffic to the address object on your WAN interface to traverse to your specified address object on your LAN interface.

The firewall rule would look something like this:

Allow
From Zone: WAN
To Zone: LAN
Service: the Service Group specified in the NAT policy
Source: the Translated Source address object
Destination: the Translated Destination address object

Advanced Tab
Create a reflexive rule: Check
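
As an added example (not part of the thread and not SonicWall code), this Python model covers only the match fields of the inbound NAT policy described in the answer above. It compares which constructed packets would be forwarded to the internal machine when Original Source and Original Service are left as Any versus scoped to the vendor's address and the HL7 service. The IP addresses and TCP port 2575 are assumptions, not values from the thread.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# Constructed sample values (documentation ranges), not taken from the thread.
PUBLIC_IP = ip_address("203.0.113.10")       # address object: your public IP
TARGET_IP = ip_address("192.168.0.50")       # address object: internal HL7 listener
VENDOR_NET = ip_network("198.51.100.20/32")  # address object: vendor's sending host
HL7_PORT = 2575                              # assumed HL7 port; use the vendor's

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    dport: int

@dataclass(frozen=True)
class NatPolicy:
    original_source: Optional[object]   # ip_network, or None for "Any"
    original_destination: object
    translated_destination: object
    service: Optional[tuple]            # (proto, port), or None for "Any"

    def translate(self, pkt: Packet):
        """Return the translated destination, or None if the policy does not match."""
        if ip_address(pkt.dst) != self.original_destination:
            return None
        if self.original_source is not None and ip_address(pkt.src) not in self.original_source:
            return None
        if self.service is not None and (pkt.proto, pkt.dport) != self.service:
            return None
        return self.translated_destination

LOOSE = NatPolicy(None, PUBLIC_IP, TARGET_IP, None)                      # Any / Any
TIGHT = NatPolicy(VENDOR_NET, PUBLIC_IP, TARGET_IP, ("tcp", HL7_PORT))   # scoped

def exposure(policy, packets):
    """List (src, dport) of packets the policy would forward to the internal host."""
    return [(p.src, p.dport) for p in packets if policy.translate(p) is not None]

SAMPLE = [  # constructed traffic arriving on the WAN interface
    Packet("198.51.100.20", "203.0.113.10", "tcp", 2575),  # vendor HL7 feed
    Packet("198.51.100.20", "203.0.113.10", "tcp", 3389),  # vendor, other service
    Packet("192.0.2.77", "203.0.113.10", "tcp", 2575),     # unrelated internet host
    Packet("192.0.2.77", "203.0.113.10", "tcp", 445),
]

if __name__ == "__main__":
    print("Any/Any:", exposure(LOOSE, SAMPLE))
    print("scoped :", exposure(TIGHT, SAMPLE))
```
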