
port forwarding issue

Hi,

I have an issue with port forwarding to a host that is in a remote VPN site.

We have Site A, which is behind a SonicWall NSA3650, and Site B, which is an AWS VPC. There is a site-to-site VPN between Site A and B and all traffic is allowed.

Now we would like to access port 443 on a host that is on a private subnet (that has an internet connection) from one of the public IPs of Site A.

I have created an Object access for the host in Site B and also created an Object address for one of the public addresses of Site A on the SonicWall.

This is my access rule and NAT policy, but when I try to access port 443 from the internet, it gets dropped.

What am I missing here?

nat policy


*Packet number: 759*

Header Values:

 Bytes captured: 66, Actual Bytes on the wire: 66

Packet Info(Time:09/01/2021 13:10:13.576):

 in:X1*(interface), out:--, DROPPED, Drop Code: 734(Packet dropped - drop bounce same link pkt), Module Id: 25(network), (Ref.Id: _2122_iboemfCpvodfUsbggjd), 1:2)

Ethernet Header

 Ether Type: IP(0x800), Src=[00:08:e3:ff:fc:14], Dst=[2e:b8:ed:2f:0c:01]

IP Packet Header

 IP Type: TCP(0x6), Src=[217.XX.XX.30], Dst=[194.XX.XX.66]

TCP Packet Header

 TCP Flags = [SYN,], Src=[59454], Dst=[443], Checksum=0x4ca0


Answers

  • Update: I changed the Destination of the Access rule and the Original Destination of the NAT policy from X1 IP to the object access of the public IP that we and this time the logs show no drop, but I am still unable to access the website:

    *Packet number: 158*

    Header Values:

     Bytes captured: 66, Actual Bytes on the wire: 66

    Packet Info(Time:09/01/2021 13:55:37.768):

     in:X1*(interface), out:--, Consumed, Module Id:20, 1:2) VPN policy: AWS Tunnel New#1

    Ethernet Header

     Ether Type: IP(0x800), Src=[00:08:e3:ff:fc:14], Dst=[2e:b8:ed:2f:0c:01]

    IP Packet Header

     IP Type: TCP(0x6), Src=[217.XX.XX.30], Dst=[194.XX.XX.66]

    TCP Packet Header

     TCP Flags = [SYN,], Src=[63145], Dst=[80], Checksum=0x4073

    Application Header

     HTTP
