Netgate Discussion Forum

    Need help with (Outbound) NAT

      sbrews

      7ee457f1-ca8e-4c4f-95c8-28f0a218da84-image.png

      Referencing picture

      • end user device will connect to firewall via WAN, traverse via OPT1 and connect to VPN

      • Outbound NAT on OPT1 sets IP to 10.100.0.10, tunnel comes up, all is good. Now, need to add more users to the mix...

      • 2nd (3rd, etc) end user device connects in same fashion - in WAN, out OPT1 to VPN

      • Can't NAT to same 10.100.0.10 address, as that would cause issues

      • How does one set up outbound (or other appropriate NAT) so that
        2nd (3rd, 4th, etc) user gets their own 10.100.0.x IP
        and maintains that NATed IP for duration of connection

      • tried setting up a virtual IP range for the outbound NAT, it kind of worked except that IP does not appear to be maintained for duration of connection.

      Moving VPN to edge is not an option, must go thru firewall

      This does work in production - I did not set it up and don't have easy access to person with knowledge of how it was set up.

      I am trying to create this in virtualbox

      • to learn how it's done
      • to be able to experiment with various settings (FW, VPN) without impacting production or QA environment.
      • Yes, this exceeds my current knowledge level, so these may be stupid questions or super simple to set up for someone with the knowledge. Any help is appreciated.
        sbrews

        Ok, thanks to all who looked at this... got in touch with person who was more knowledgeable about the production version of this. There is NAT'ing going on, but it is not at the FW level - it's being handled at the router level before the FW. So... that makes my question null/void. I will have to re-examine what I am trying to do and find another way to accomplish it.

        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.