Stopping NAT between interfaces in NAT mode in zones in trust-vr



  • My inside trusted interface is in the trust zone which is in the trust-vr. It is set to NAT mode. My DMZ interface is in the DMZ zone which is in the trust-vr. It is set to NAT mode.

    Hosts in the trust interface that connect to hosts on the DMZ get NAT’d to the address on the DMZ interface.

    Hosts on the DMZ that connect to hosts on the trust side do not get NAT’d.

    One problem is that I do not understand why they act differently. What I want to do is not NAT either way. I only want these interfaces to NAT when they go to the Untrust side.

    The ScreenOS 6.1.0 Concepts and Examples guide says it is possible on volume 2 page 94 Figure 44. But it does not say how to do it.



  • Interface NAT will only apply when untrust is the destination, afaik. Are you sure that Trust->DMZ gets NATed to the interface NAT and not some other NAT rule?


 
