Menu

Join the Conversation

To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".

Sign In Register

Auto NAT for SSLVPN dosen't work

nibysenibyse Newbie ✭
in Firewall Management and Analytics

Hello everyone,


We have configured the SSLVPN service on the WAN door of our firewall for remote access

The problem is that it is not possible to contact this service from outside the network

We have the same problem with DNS resolution from the firewall when we try to update the definitions

We have four public IP addresses that we weave according to our needs

Do you have any advice for us?


Thank you all Have a good day

Category: Firewall Management and Analytics
Reply

Best Answer

  • CORRECT ANSWER
    TKWITSTKWITS Community Legend ✭✭✭✭✭
    edited October 2021 Answer ✓

    My last comment in the linked discussion hints at what you are experiencing. Sonicwalls expect to have a public IP address on their WAN interface(s). Without it the device doesn't know how to route to the public IP address you are NATing.

    "When i configure SSLVPN on the WAN interface on TCP 4433, the automatically created NAT don't allow the traffic". I'm sure it does, but the Sonicwall is expecting the traffic to be for the WAN interface assigned address, not for the public IP you are NATing with.

    I repeat, Sonicwalls want a public IP on the a WAN interface.

Answers

  • TKWITSTKWITS Community Legend ✭✭✭✭✭

    Is your ISP providing you a bridged connection (as in their device is not doing NAT or firewalling)?

    Provide more information please.

  • nibysenibyse Newbie ✭
    I have IP 10.1.1.1 on my wan interface.
    Behind, i have a Cisco router with the IP 10.1.1.252 and I nat from my public IP (i have 4 Public IP)

    Thanks
  • nibysenibyse Newbie ✭
    And I NAT with my SonicWall
  • TKWITSTKWITS Community Legend ✭✭✭✭✭

    It sounds like youre doing what was discussed here

    https://community.sonicwall.com/technology-and-support/discussion/3132/nsa-2700-drops-arp-requests-for-ip-address-its-nating-firmware-bug


  • nibysenibyse Newbie ✭

    It seems to be a similar issue


    The WAN interface (X14) has IP address 10.1.1.1

    The provider's router has the 10.1.1.252 IP

    We're making NAT from LAN to public IP behind the 10.1.1.252 for outgoing traffic and it works

    We're making NAT from WAN to LAN from one of our four public IP behind the 10.1.1.252 into the 192.168.0.0/24 network (Like TCP25 per example) and it's working


    If we try to connect to the Internet for DNS resolution per example with the SonicWall GUI it can ping 1.1.1.1 but could not make DNS resolution


    When i configure SSLVPN on the WAN interface on TCP 4433, the automatically created NAT don't allow the traffic


    I'm a little bit lost on this issue

Sign In or Register to comment.