Solved

One-To-One NAT on Sonicwall NSA 2400

Posted on 2014-01-08
Last Modified: 2014-01-10
I am trying to create a One to One NAT on my NSA 2400 firewall so that I can map an external IP address to an internal IP address with all ports open. I need it for a videoconferencing unit that will only be used every once in a while and uses so many various ports (over 12) that I would just as soon give it an external IP address.
Question by:apsonline
3 Comments
 
LVL 15

Accepted Solution

by:
Perarduaadastra earned 150 total points
ID: 39766273
You don't need to give it a public IP; just assign it a range of ports large enough for its needs.
 
LVL 10

Assisted Solution

by:convergint
convergint earned 100 total points
ID: 39766787
Essentially you are looking to do a DMZ I think.  In the Sonicwalls it is called Transparent mode.  In this link you should see everything you need to get it done: http://kb.guru-corner.com/question.php?ID=297.  There's also a different video on this at: http://www.firewalls.com/videos/video/creating-a-sonicwall-dmz-using-layer-2-bridging.html

If the first link breaks, here's a copy and paste of it but it's missing some of the screenshots:

Transparent mode simulates the bridging of WAN-side IP addresses/subnets onto internal interfaces, such as the LAN or DMZ interface, by means of controlling the ARP and routing behavior for the affected addresses. Transparent Mode allocations are extremely flexible, allowing for multiple internal interfaces in different zones to simultaneously operate in Transparent Mode, as long as the address assignments remain unique and non-overlapping. Transparent mode can be useful in environments where it is not possible to change existing internal IP addressing, or where it is necessary to deploy a SonicWALL in a non-interruptive, in-line fashion.

Transparent Mode works on a SonicWALL by defining a “Transparent Range” address object associated with the WAN subnet. The “Transparent Range” defines which external (WAN side) IP addresses the SonicWALL will consider to be attached to an internal interface. The Transparent Range object can be a Host, Range, or group of Host or Range Address Objects. Addresses within the Transparent Range will not be NAT’d on egress from the WAN interface; instead, they will retain their original source IP addresses.




Procedure:

Configuring Interfaces in Transparent Mode

Transparent Mode enables the SonicWALL security appliance to bridge the WAN subnet onto an internal interface. To configure an interface for transparent mode, complete the following steps:

Step 1 Click on the Configure icon in the Configure column for Unassigned Interface you want to configure. The Edit Interface window is displayed.

Step 2 Select an interface.

•If you select a configurable interface, select LAN or DMZ for Zone.
•If you want to create a new zone for the configurable interface, select Create a new zone. The Add Zone window is displayed.

Step 3 Select Transparent Mode from the IP Assignment menu.



Step 4 From the Transparent Range menu, select an address object that contains the range of IP addresses you want to have access through this interface. The address range must be within the WAN zone and must not include the WAN interface IP address. If you do not have an address object configured that meets your needs:

a. In the Transparent Range menu, select Create New Address Object.
b. In the Add Address Object window, enter a name for the address range.
      a. For Zone Assignment, select WAN.
      b. For Type, select:
         •Host if you want only one network device to connect to this interface.
         •Range to specify a range of IP addresses by entering beginning and ending value of the range.
         •Network to specify a subnet by entering the beginning value and the subnet mask. The subnet must be within the WAN address range and cannot include the WAN interface IP address.
c. Enter the IP address of the host, the beginning and ending address of the range, or the IP address and subnet mask of the network.
d. Click OK to create the address object and return to the Edit Interface window.

Step 5 Enter any optional comment text in the Comment field. This text is displayed in the Comment column of the Interface table.

Step 6 If you want to enable remote management of the SonicWALL security appliance from this interface, select the supported management protocol(s): HTTP, HTTPS, SSH, Ping, SNMP, and/or SSH. To allow access to the WAN interface for management from another zone on the same appliance, access rules must be created.

Step 7 If you want to allow selected users with limited management rights to log directly into the security appliance through this interface, select HTTP and/or HTTPS in User Login.

Step 8 Click OK.

Note: The administrator password is required to regenerate encryption keys after changing the SonicWALL security appliance’s address.

Configuring Advanced Settings for the Interface

If you need to force an Ethernet speed, duplex and/or MAC address, click the Advanced tab. The Ethernet Settings section allows you to manage the Ethernet settings of links connected to the SonicWALL. Auto Negotiate is selected by default as the Link Speed because the Ethernet links automatically negotiate the speed and duplex mode of the Ethernet connection. If you want to specify the forced Ethernet speed and duplex, select one of the following options from the Link Speed menu:

•1000 Mbps - Full Duplex
•100 Mbps - Full Duplex
•100 Mbps - Half Duplex
•10 Mbps - Full Duplex
•10 Mbps - Half Duplex

You can choose to override the Default MAC Address for the Interface by selecting Override Default MAC Address and entering the MAC address in the field. Check Enable Multicast Support to allow multicast reception on this interface.

Caution: If you select a specific Ethernet speed and duplex, you must force the connection speed and duplex from the Ethernet card to the SonicWALL security appliance as well.

Configuring the hosts connected to the Transparent interface:

The hosts connected to the X2 interface should be configured with the IP addresses within the Transparent Range. The default gateway could either be the upstream ISP router address or the SonicWALL WAN interface IP. Once the hosts are configured appropriately they will be able to go online with the IP address assigned to them without being NAT'ed. Conversely, the hosts can be reached from the WAN side of the SonicWALL with the IP address assigned to them provided a WAN > DMZ Allow rule exists.
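
The address rules quoted in the answer above (the Transparent Range must lie inside the WAN subnet, must not include the WAN interface IP, and must not overlap a range assigned to another interface) can be checked before the address object is created. The following is an added example, not part of the original post or of SonicWALL's software; the function name `check_transparent_range` and all addresses are constructed for illustration.

```python
import ipaddress

def check_transparent_range(wan_interface, first, last, existing=None):
    """Check a candidate Transparent Range against the rules quoted above.

    wan_interface: WAN interface address with prefix, e.g. "203.0.113.2/28"
    first, last:   start and end of the candidate range (equal for a Host)
    existing:      {interface name: (first, last)} ranges already assigned
    Returns a list of problems; an empty list means the range is acceptable.
    """
    wan = ipaddress.ip_interface(wan_interface)
    lo, hi = ipaddress.ip_address(first), ipaddress.ip_address(last)
    if lo > hi:
        return ["range start is above range end"]
    problems = []
    # Rule 1: the range must sit inside the WAN subnet.
    if lo not in wan.network or hi not in wan.network:
        problems.append("range is not inside the WAN subnet")
    # Rule 2: the range must not include the WAN interface IP itself.
    if lo <= wan.ip <= hi:
        problems.append("range includes the WAN interface IP")
    # Rule 3: ranges on different internal interfaces must not overlap.
    for name, (e_first, e_last) in (existing or {}).items():
        e_lo, e_hi = ipaddress.ip_address(e_first), ipaddress.ip_address(e_last)
        if lo <= e_hi and e_lo <= hi:
            problems.append(f"range overlaps the Transparent Range on {name}")
    return problems

if __name__ == "__main__":
    # Constructed sample values (RFC 5737 documentation addresses).
    wan_if = "203.0.113.2/28"
    assigned = {"X2": ("203.0.113.4", "203.0.113.6")}
    for first, last in [("203.0.113.10", "203.0.113.10"),
                        ("203.0.113.1", "203.0.113.3"),
                        ("203.0.113.6", "203.0.113.8"),
                        ("203.0.113.12", "203.0.113.20")]:
        print(first, last, check_transparent_range(wan_if, first, last, assigned) or "OK")
```
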
 

Author Closing Comment

by:apsonline
ID: 39771316
Thanks, I created an entry and just opened all of the ports for one internal IP address and it worked.
