
Routing Issue

Seem to have a routing issue

Setup:

3 zones WAN, LAN, and a customer Public zone connected to a private circuit that only has traffic inbound.

Created Address Object for Internal Resource

Created Address Object for External Resource

Created NAT policy Mapping the external to the internal resource

Created Access rule allowing traffic over the specific service between external and internal resources

Troubleshooting:

When doing a live packet capture I was able to find that the packet is hitting the firewall and routing from the Public zone created for the private circuit to the WAN zone.

I have tried to manually map the path following the article SonicWall has on packet flow through the device and have not been able to see where the problem might be.

It seems that a route is being applied to the packet before the NAT which I believe is causing my issue.

The only thing I could find that may be of some help to me is this article

This system is in production so I have to be careful on making changes. Can anyone let me know if the above process is what I need to do to make this work, or is there something really simple that I am missing?

Appreciate any help.

Thanks

Category: Mid Range Firewalls

Answers

  • @smallonee,

    Welcome to SonicWall Community.

    How exactly are the internal and external resources mapped? Is the external resource on zone WAN or public zone?

    Also, how exactly are you testing and doing the packet captures?

    If you do not want to put the actual IPs in the post, could you please give a dummy example so that we can make sure that the configuration is done right?

    Thanks!

    Shipra Sahu

    Technical Support Advisor, Premier Services

  • smallonee Newbie ✭

    @shiprasahu93

    Thank you for the quick response. Below (hopefully it displays correctly) is a rough layout of what I am attempting.

    Thank you for any help.

    Thanks

  • @smallonee,

    So, how are you testing this? Is the private network directly connected to the SonicWall?

    When you are trying to access the server with IP: 192.168.168.50, what IP address do you use and what is the source from where this test is made? Is it on WAN?

    The reason for me to ask is that, if the client that you are testing is at Interface X4, then we don't really need the NAT as the firewall already has connectivity to both external and internal IP addresses.

    Thanks!

    Shipra Sahu

    Technical Support Advisor, Premier Services

  • smallonee Newbie ✭

    @shiprasahu93,

    Currently the circuit goes through a different device. We are attempting to move it to the SonicWall.

    Current setup is the client sends traffic to the specified external address and we NAT it to the internal address.

    Initial troubleshooting was when we attached the circuit to the SonicWall. The traffic is dropped on the SonicWall. We did a packet capture on the SonicWall and the packet comes in, then gets routed to the WAN interface.

    The private circuit is a Metro link to one of our clients; it is directly connected to interface X4. When accessing the IP 192.168.168.50, the IP destination of the packet is 10.10.10.20.

    Thank you for your help.

  • @smallonee,

    In that case, I think one of the things that could be missing is the static route that explains how to reach the 10.10.10.x network from the firewall.

    Once that is present, the 10.10.10.x network and 192.168.168.50 should be able to communicate. I also feel that the zones should be specified correctly in the access rule, but I see it as Any right now.

    If we have a route for the 10.10.10.x network and 192.168.168.50 is on a directly connected network of the firewall, we don't need a NAT at all for these two networks to talk. So, honestly, I still need clarity on why this NAT is created, as both networks are private networks.

    Thanks!

    Shipra Sahu

    Technical Support Advisor, Premier Services
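As an added illustration of the advisor's diagnosis (this is example code, not from the thread or from SonicWall): a small Python model of longest-prefix routing plus zone-based rule matching using the addresses from the posts. Interface names X0/X1/X4, the zone names and the access rules are assumptions; it shows the reply to a 10.10.10.x client falling to the WAN default route until a static route via X4 exists, and why rules with explicit zones turn that misroute into a visible deny instead of hiding it behind Any.

```python
import ipaddress

# Constructed model of the thread's topology. X0=LAN, X1=WAN, X4=Public (private circuit)
# are assumed interface names; 10.10.10.x and 192.168.168.50 come from the posts.
CONNECTED = [
    ("192.168.168.0/24", "X0", "LAN"),   # internal server network, directly connected
    ("0.0.0.0/0", "X1", "WAN"),          # default route towards the Internet
]
STATIC_ROUTE = ("10.10.10.0/24", "X4", "Public")  # the route the advisor says is missing

# Assumed access rules with explicit zones, the advisor's recommendation over Any/Any.
RULES = [
    {"from": "Public", "to": "LAN", "src": "10.10.10.0/24",
     "dst": "192.168.168.50/32", "service": "tcp/443", "action": "allow"},
    {"from": "LAN", "to": "Public", "src": "192.168.168.50/32",
     "dst": "10.10.10.0/24", "service": "tcp/443", "action": "allow"},
]


def route_lookup(routes, dst):
    """Longest-prefix match over (prefix, interface, zone); returns (interface, zone)."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, iface, zone in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface, zone)
    return (best[1], best[2]) if best else (None, None)


def rule_allows(rules, src_zone, dst_zone, src, dst, service):
    """First matching rule wins; 'Any' is a wildcard for zones, addresses and service."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in rules:
        if r["from"] not in ("Any", src_zone) or r["to"] not in ("Any", dst_zone):
            continue
        if r["src"] != "Any" and s not in ipaddress.ip_network(r["src"]):
            continue
        if r["dst"] != "Any" and d not in ipaddress.ip_network(r["dst"]):
            continue
        if r["service"] in ("Any", service):
            return r["action"] == "allow"
    return False  # implicit deny when nothing matches


def check_flow(routes, rules, src_zone, src, dst, service):
    """One packet direction: (egress interface, egress zone, allowed by the rules?)."""
    iface, dst_zone = route_lookup(routes, dst)
    return iface, dst_zone, rule_allows(rules, src_zone, dst_zone, src, dst, service)
```

Without STATIC_ROUTE the server's reply to a 10.10.10.x client is routed to X1/WAN and denied by the zone-specific rules, which is the symptom to look for in the capture; with the route added, the reply goes out X4/Public and both directions are allowed without any NAT.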
