200B
New Member
July 8, 2014
Question

Using same address for IP Pool & Virtual IP

Hi,

So I have an existing flow:

SRC: 1.1.1.1 DST 2.2.2.2 SRV TCP/11111 SNAT 3.3.3.3 DNAT 4.4.4.4
(Where 3.3.3.3 is an IP pool & 2.2.2.2 is a Virtual IP mapped to 4.4.4.4)

and a new flow has been proposed (to operate a different service alongside the existing one detailed above):

SRC 4.4.4.4 DST 3.3.3.3 SRV TCP/22222 SNAT 5.5.5.5 DNAT 6.6.6.6
(Where 5.5.5.5 is an IP pool & 3.3.3.3 is a Virtual IP mapped to 6.6.6.6)

Can anyone offer any advice on whether this is best practice? From my own point of view I would see it as requiring additional input to differentiate the two flows if ever attempting to configure a packet trace involving 3.3.3.3 & 4.4.4.4.

    3 replies

    davidolea
    New Member
    August 13, 2014
    Hi, I guess that this configuration is possible to create. You only need to ensure that in the VIP the port forwarding is enabled (to prevent the direct association in the VIP, for the inverse traffic).
    ede_pfau
    SuperUser
    August 13, 2014
    Agree, the differentiation comes with the port used. Even without port forwarding the FGT could keep the flows apart by using the original source port.
    Dipen
    New Member
    August 13, 2014
    Yes! You can use the same IP for Source NAT (IP Pool) and Destination NAT (Virtual IP). Similarly you can use the Gateway (interface) IP for HideNAT and as a Virtual IP as well.
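
The objects discussed in this thread, written out as FortiOS CLI with port forwarding enabled on both VIPs so that each one matches only its own service port. This is an added example, not configuration posted by anyone in the thread. Object names, `extintf "any"` and mapped ports equal to the external ports are assumptions, and the firewall policies that reference these objects are not shown.

```fortios
# Constructed example: only the addresses and ports come from the thread.
# Object names, extintf and mappedport values are assumptions.
config firewall vip
    # Existing flow: 2.2.2.2 TCP/11111 -> 4.4.4.4
    edit "vip-2.2.2.2-tcp11111"
        set extip 2.2.2.2
        set extintf "any"
        set portforward enable
        set protocol tcp
        set extport 11111
        set mappedip "4.4.4.4"
        set mappedport 11111
    next
    # Proposed flow: 3.3.3.3 TCP/22222 -> 6.6.6.6
    # 3.3.3.3 is also the IP pool address of the existing flow.
    edit "vip-3.3.3.3-tcp22222"
        set extip 3.3.3.3
        set extintf "any"
        set portforward enable
        set protocol tcp
        set extport 22222
        set mappedip "6.6.6.6"
        set mappedport 22222
    next
end
config firewall ippool
    # SNAT address for the existing flow (same IP as the second VIP)
    edit "pool-3.3.3.3"
        set startip 3.3.3.3
        set endip 3.3.3.3
    next
    # SNAT address for the proposed flow
    edit "pool-5.5.5.5"
        set startip 5.5.5.5
        set endip 5.5.5.5
    next
end
```

With the VIPs scoped to a single port, a capture filter that includes the service port, for example `diagnose sniffer packet any 'host 3.3.3.3 and port 22222' 4`, separates the proposed flow from the SNATed traffic of the existing one.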