Hi,
I'm working with a customer who need to source NAT all traffic coming in on one interface and going out of another, but they only want to translate the 2nd Octet.
For example:
Real Source IP | NATed Source IP |
172.16.18.23 | 172.20.18.23 |
172.16.63.115 | 172.20.63.115 |
172.16.155.231 | 172.20.155.231 |
The real sources will always be 172.16.x.x and they always want to NAT only the 2nd octet to 172.20.x.x, keeping the other octets the same.
FTG600Fs running 7.0.14 in policy NAT mode.
I don't believe this is possible but I would love for you to tell me otherwise?
Many thanks!
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Are you referring to NAT pool ? If yes than it is possible to define the pool of the addresses (second octet you refer i believe is a subnet) to be used with NAT. So basically you have one subnet with source IPs and another one for NAT translation.
Hi @dbu and thank you for your quick response,
I guess it depends how the NAT pool operates? Will it do what I illustrated in my original post (only change the 2nd octet) or will it start at the bottom of the pool and work up like below?
So assuming the NAT pool is: 172.20.0.0/16, would it do this:
Order of Connections | Real Source IP | NATed Source IP |
1st connection | 172.16.18.23 | 172.20.0.1 |
2nd connection | 172.16.63.115 | 172.20.0.2 |
3rd connection | 172.16.155.231 | 172.20.0.3 |
The client would like to be able to easily correlate the NATed IP to the real IP when looking at server logs.
If this is the case than you need to go with static mapping as @pminarik mentioned.
IP pools alone do not guarantee static X.X.a.b -> Y.Y.a.b mapping, but you should be able to use a VIP to force one-to-one SNAT as described here:
Many thanks @pminarik, that looks like it might work? I will test and reply back.
Thank you!
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1692 | |
1087 | |
752 | |
446 | |
228 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.