MIP NAT Configuration



  • Setup:

    10.212.193.222 <- Trust [5GT ] Untrust  <-IKE-<  Untrust [NS50] Trust <- 192.132.159.72

    I’ve been having some issues trying to get MIP NATing to work and I need some help.

    In my initial configuration, I was using DST-NAT for traffic initiated by the 10.212.193.222 host to 192.132.159.72.  This has been working fine as it was one-way traffic.

    Our configuration has change such that I need to have traffic from the 192.132.159.72 to the 10.212.193.222.  So I’ve been trying to change the DST-NAT to a MIP for bi-directional traffic.

    The 10.212.193.222 host can only reach the 192.132.159.72 via a NATed address of 192.132.197.49 because we have overlapping IPs otherwise.

    I removed the DST-NAT (Via Policy) from the 5GT and added the following:

    set interface "tunnel.1" mip 192.132.197.49 host 192.132.159.72 netmask 255.255.255.255 vr "trust-vr"
    

    Any help is appreciate greatly!  JTAC has not been able to help me yet…


 

27
Online

38.4k
Users

12.7k
Topics

44.5k
Posts