Hello,
I have this set of nat rules:
Rule1
OriginSrcIP1 to AnyDest >>>> TranslatedSrcIp1
Rule2
OriginSrcIP2 to AnyDest >>>> TranslatedSrcIp1
The NAT rules are not working properly. In the logs I can see some "policy violation" entries, and a few logs later the flow works.
It seems that when Rule1 works, Rule2 does not, and vice versa.
Can TranslatedSrcIp1 be assigned to only one static NAT rule?
Hello Charlie80,
As per your query, it seems you've enabled one-to-one NAT rather than doing PAT. Can you let me know the configuration you've done? It would be better if you shared a snapshot.
Simple answer: if NAT to one source address from multiple real source addresses did not work, no network of more than 1 host would be able to surf the internet. Right?
The kind of SNAT that is needed in this case is the "overload" NAT, which is the default. NAT configured as "one-to-one" will not work, as Vishal has already mentioned.
How to: configure an IP pool containing just the one desired translated address (type "overload", external IP range "a.b.c.d - a.b.c.d"), enable NAT in the outbound policy but choose to specify the address to use. Then select the IP pool just created.
Hi @Charlie80
The NAT which you have enabled is one-to-one mapping.
It works like this: suppose you have configured NAT type <one-to-one> with a range such as 1.1.1.1-1.1.1.1. It then works on a first come, first served basis.
When traffic goes from OriginSrcIP1 to AnyDest, it will be translated to the IP 1.1.1.1.
If, at the same time, other traffic arrives from OriginSrcIP2 to AnyDest, the device will not be able to NAT the IP, because the one-to-one range you have given is 1.1.1.1-1.1.1.1.
It will work only when the IP in the NAT pool is free.
But only one IP at a time will be NATted.
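The pool types discussed in the replies above, written out as a configuration sketch. This is an added example, not part of the original posts; it assumes the FortiOS CLI, and the pool names, policy ID, interface names and address object names are hypothetical placeholders (a.b.c.d is the placeholder used in the thread).

```fortios
# Annotations starting with '#' are for the reader, not commands.

# Before: a one-to-one pool with a single address. Only one internal
# source can hold a.b.c.d at a time, so the second source is refused
# until the address is free again.
config firewall ippool
    edit "snat-single"
        set type one-to-one
        set startip a.b.c.d
        set endip a.b.c.d
    next
end

# After: the same single address as an overload pool (instead of the
# pool above). Many internal sources share a.b.c.d and are told apart
# by translated source port.
config firewall ippool
    edit "snat-single"
        set type overload
        set startip a.b.c.d
        set endip a.b.c.d
    next
end

# Outbound policy: enable NAT, choose to specify the address to use,
# and select the pool. Both source objects are assumed to exist.
config firewall policy
    edit 10
        set name "outbound-snat"
        set srcintf "internal"
        set dstintf "wan1"
        set srcaddr "OriginSrcIP1" "OriginSrcIP2"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat enable
        set ippool enable
        set poolname "snat-single"
    next
end
```

Putting both sources in one policy is an assumption made here for brevity; the same pool can equally be selected in two separate policies.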
Copyright 2024 Fortinet, Inc. All Rights Reserved.