Netgate Discussion Forum

    'No NAT' Outbound

    • timhic

      I did a search but was not able to find the exact answer I was looking for. If there is already a post covering this, please point me in the right direction.

      I have a multi-homed box with 5 interfaces. Two of these interfaces are used by a client (WAN and LAN). They have multiple VPN sites terminating on their WAN interface. The remote VPN sites can ping the servers on the LAN side (at the data centre), but the servers cannot ping the remote sites. I assume this is due to the fact there is not an access list applied which disables NAT from the LAN side of the firewall to the remote subnets (my thinking is based on my days of Cisco hardware/access lists).

      Do I just need to set up an outbound NAT rule and select the 'Do Not NAT' option to match the traffic from the servers to the remote subnets? I just want to make sure I'm on the right track here and am not going to break something if I implement this change.

      Any help would be appreciated!

      cheers,

      tim

      • cmb

        No, you don't need the craziness of Cisco's no NAT. Probably no firewall rules to permit the traffic in question.

        • timhic

          Yes, it was firewall, not NAT!

          cheers!

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.