easy one guys

[bkeaver]

ok I have a VPN that I need to setup. This is probably so easy I am just totally missing it....

I need to setup the VPN so that all of my internal network is nat'd behind 1 external address....for some reason I am looking at this and its not clicking....

tried searching forum but couldnt find what I was looking for and I am sure the question has came up before...


thanks in advanced guys

[rokudan]

Not sure exactly what you are talking about, since your question could mean several things... But there are a few ways to NAT a network, depending on what your purpose is.. You can create a network object for your desired network, then on it's NAT tab do a hide.. Or if you want to be more specific for what destinations and/or services you want to NAT for, you could go to the Address Translation tab in SmartDashboard, and create a rule... Of course you will need to create and object for the hide as well.

[Testing-123]

Hi bkeaver,

There are two form of NAT; static and hide.

You will need to use hid NAT by your description. Open up smart dashboard in demo mode and look at the example in the nat policy as it gives an example of all the different variations of NAT. It's difficult to help you unless we have a more detailed explantion.

Hope this helps.

Cheers
Testing-123

[bkeaver]

what I am trying to accomplish is:

they have a FTP server that I need to access through a VPN but to avoid overlaping internal network IP's. We want to nat my entire internal network behind 1 external ip address. I have tried to do a automatic NAT with my existing network Object but when I ping thier FTP server it sends the packet through the tunnel as my internal netowork (10.1.0.0) instead of the outside IP (Lets say 64.64.64.64).

If I try to do a manual nat it tells me "The range size of Original and Translated columns must be the same."

original Packet | Translated Packet
source | destination | Source | destination
10.1.0.0 | thier FTP server |64.64.64.64| original
----------------------------------------------------------
FTP Srvr | 64.64.64.64 | Original | 10.1.0.0

hopefully this displays correctly and I have explained it clearly enough....Anyone????

[MarioL]

In terms you NAT you only need one rule:

LAN | FTP server | any | Hide IP | = | =

Hide IP should be an host object with the IP you want to hide behind. This object should be added on the rule with the option Hide NAT.

Of course you need to also worry about routing and possibly ARP, to make sure this IP "comes back" to your firewall.

You will need to make sure that the VPN isn't avoiding the NAT rules, so check the VPN community and make sure you haven't prevented NAT (basically untick that box).

Hope that works, let me know if you need anything else.