2 Replies Latest reply on Jul 8, 2015 3:10 PM by luis.vilarreal

    McAfee Firewall Enterprise NAT (Inside to Outside)

    luis.vilarreal

      Hello everyone, first of all, apologies for the English translation.

      I would like to know whether the following scenario is possible on the Firewall Enterprise:

       

      LAN --192.168.1.0/24--ROUTER --10.0.0.8/30--FW--10.0.0.4/30--ROUTER--10.0.0.0/30--ISP

       

      LAN: 192.168.1.0/24

      NAT Pool: 20.0.0.0/24

       

      Given the above, I would like to perform NAT so that a host X with IP 192.168.1.2 is NATed on the firewall to the IP 20.0.0.1/24.

      Keep in mind that the 20.0.0.0/24 subnet is not assigned to any interface of the firewall.

       

      ----------------------------------------------------------

      I wonder if the following scenario is possible in the Firewall Enterprise:

      LAN --192.168.1.0/24--LANGW--10.0.0.8/30--FW--10.0.0.4/30--ROUTER--10.0.0.0/30--ISP

      LAN: 192.168.1.0/24
      NAT Pool: 20.0.0.0/24


      Given the above, I would like to perform NAT so that host X with IP 192.168.1.2, when passing through the firewall, is NATed to the address 20.0.0.1/24.

      Keep in mind that the 20.0.0.0/24 subnet is not assigned to any interface of the firewall.

        • 1. Re: McAfee Firewall Enterprise NAT (Inside to Outside)
          sliedl

          You can NAT to any IP address you want, even if it's not on any of the firewall's interfaces.  If you do this then you must make sure that the receiving device knows to route back to the firewall for the reply traffic for these IP addresses, i.e. you must add a route on the outside devices pointing back to the firewall for this IP address range.  Keep in mind that these devices will then not be able to get to the 'real' 20.0.0.0/24 addresses that exist on the internet.

           

          The firewall cannot NAT to a pool of IP addresses, though.  It can do many-to-one NAT and one-to-one NAT but not one-to-many.  If you have the same size subnets (which you do, LAN: 192.168.1.0/24, NAT Pool: 20.0.0.0/24) you can create a Netmap object, which will NAT 192.168.1.1 to 20.0.0.1, 192.168.1.2 to 20.0.0.2, etc.
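
As an added illustration that is not part of the original thread and is not McAfee's code: a Python model of the Netmap-style one-to-one translation and of the return-route requirement described in the reply above. The firewall outside address 10.0.0.5, the ISP next hop 10.0.0.1 and both routing tables are constructed assumptions.

```python
import ipaddress

def netmap(addr, src_net, dst_net):
    """One-to-one translation: keep the host offset, swap the network part."""
    src = ipaddress.ip_network(src_net)
    dst = ipaddress.ip_network(dst_net)
    ip = ipaddress.ip_address(addr)
    if src.prefixlen != dst.prefixlen:
        raise ValueError("netmap needs two subnets of the same size")
    if ip not in src:
        raise ValueError(f"{ip} is outside {src}")
    offset = int(ip) - int(src.network_address)
    return str(dst.network_address + offset)

def next_hop(routes, addr):
    """Longest-prefix match over (prefix, next_hop) pairs; None if no route."""
    ip = ipaddress.ip_address(addr)
    hits = [(ipaddress.ip_network(p), hop) for p, hop in routes
            if ip in ipaddress.ip_network(p)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

# Constructed values (assumptions, not from the thread):
FW_OUTSIDE = "10.0.0.5"   # firewall address in 10.0.0.4/30
ISP_HOP = "10.0.0.1"      # ISP side of 10.0.0.0/30
# Outside router's table before and after adding the route back to the firewall.
ROUTES_BEFORE = [("0.0.0.0/0", ISP_HOP)]
ROUTES_AFTER = ROUTES_BEFORE + [("20.0.0.0/24", FW_OUTSIDE)]

if __name__ == "__main__":
    natted = netmap("192.168.1.2", "192.168.1.0/24", "20.0.0.0/24")
    print("192.168.1.2 leaves the firewall as", natted)
    print("reply maps back to", netmap(natted, "20.0.0.0/24", "192.168.1.0/24"))
    for name, table in (("before", ROUTES_BEFORE), ("after", ROUTES_AFTER)):
        hop = next_hop(table, natted)
        print(f"{name}: reply to {natted} goes to {hop}",
              "(firewall)" if hop == FW_OUTSIDE else "(not the firewall)")
```

Without the extra route, replies to the translated address follow the default route toward the ISP and never reach the firewall, so the session cannot complete.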

          • 2. Re: McAfee Firewall Enterprise NAT (Inside to Outside)
            luis.vilarreal

            One-to-One

             

            Thank you very much, your answer is what I was looking for.

             

            Regards