Nathan Vanderwyst
asked on
SonicWALL TZ400 Access Single X0 Interface IP from Many X3 Interface IP’s
I want to be able to access X0 (LAN) IP 192.168.1.51 from X3 (LAN2) 172.16.1.0/24
1. X0 (LAN) and X3 (LAN2) are trusted interfaces and have corresponding Any/Any access to each other as separate firewall rules (automatically created by SonicWALL when trusted is enabled).
2. I created address object AO_X0_IP for 192.168.1.51 and a corresponding address object AO_X3_IP to translate to 172.16.1.51
3. I then created address object AO_X3_RNG for 172.16.1.0/24 for full range of subnet
4. I then created and enabled the following NAT policy
a. Original Source: AO_X3_RNG
b. Translated Source: Original
c. Original Destination: AO_X3_IP
d. Translated Destination: AO_X0_IP
e. Original Service: Any
f. Translated Service: Original
g. Inbound Interface: Any
h. Outbound Interface: Any
This all seems correct, but yet I cannot access, or even ping, X0 (LAN) IP 192.168.1.51 from X3 (LAN2) 172.16.1.0/24. That is, when I'm on the X3 subnet and I ping 172.16.1.51 it should translate to 192.168.1.51 on X0 and reply back, but no joy. Can anyone help me solve this problem? Thank you.
1. X0 (LAN) and X3 (LAN2) are trusted interfaces and have corresponding Any/Any access to each other as separate firewall rules (automatically created by SonicWALL when trusted is enabled).
2. I created address object AO_X0_IP for 192.168.1.51 and a corresponding address object AO_X3_IP to translate to 172.16.1.51
3. I then created address object AO_X3_RNG for 172.16.1.0/24 for full range of subnet
4. I then created and enabled the following NAT policy
a. Original Source: AO_X3_RNG
b. Translated Source: Original
c. Original Destination: AO_X3_IP
d. Translated Destination: AO_X0_IP
e. Original Service: Any
f. Translated Service: Original
g. Inbound Interface: Any
h. Outbound Interface: Any
This all seems correct, but yet I cannot access, or even ping, X0 (LAN) IP 192.168.1.51 from X3 (LAN2) 172.16.1.0/24. That is, when I'm on the X3 subnet and I ping 172.16.1.51 it should translate to 192.168.1.51 on X0 and reply back, but no joy. Can anyone help me solve this problem? Thank you.
ASKER
I want to separate the two LAN's so that there is no traffic between them except for hitting that single IP address. Your suggestion did not work.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I did not know that PING did not work across the interfaces.
Is there a reason why you were trying to do NAT for this particular issue?