WAN set to Static IP of the gateway's public address: 75.x.x.1 NAT/Gaming tab set to forward ports 80 and 443 to the web server Port 2 goes to a Windows 2019 web server at 192.168.2.2 (static) IP-Passthrough > DHCPS-fixed > MAC address of router Port 1 goes to my Asus RT-AC88U (running Merlin 384.19) All other tradenames are the property of their respective owners.I think this is some kind of NAT loopback problem, but I'm clueless as to how to fix it.ĪT&T 1GB ftth with Arris BGW210-700 gateway: WatchGuard and the WatchGuard logo are registered trademarks or trademarks of WatchGuard Technologies in the United States and/or other countries. If the client does not use the Mobile VPN to route to the public IP address used in the Static NAT, or the 1-to-1 NAT base IP address, the client can use the regular Internet connection to connect to the public IP address of the server, if that incoming traffic is allowed by a configured policy. If it is not possible to meet each of these requirements, the user can still use the internal, private IP address of the internal host to connect to it, if access to that host is permitted by the VPN configuration and policy. The virtual IP address assigned to the user depends on the IP address pool configured for the VPN. An IP address, subnet, or alias that includes or matches the virtual IP address assigned to the Mobile VPN user.A group name that the Mobile VPN user is a member of.The policy that has the static NAT or NAT base IP address in the To list must contain one of the following in the From list for traffic from a Mobile VPN user to match the policy:.For Mobile VPN with IPSec, the allowed VPN resource in the Mobile VPN with IPSec profile and the Mobile VPN policy must include the NAT base IP address, or a subnet that includes the NAT base IP address configured in the 1-to-1 NAT settings.The allowed resources configured in the VPN settings must include the IP address or subnet for the static NAT, or the 1-to-1 NAT base IP address.If NAT loopback is configured with 1-to-1 NAT, the client must use the VPN to route traffic to the NAT base IP address.If NAT loopback is configured as a static NAT action, the client must use the VPN to route traffic to the IP address used in the static NAT action.The client must use the VPN to route traffic to the server IP address.To allow Mobile VPN users use NAT loopback, the mobile user and VPN policies that allow traffic from VPN clients must meet these requirements. Mobile VPN with IPSec - You must use 1-to-1 NAT to enable NAT loopback for traffic from the Mobile VPN clients because Mobile VPN with IPSec policies do not support static NAT actions.Mobile VPN with IKEv2, L2TP, and SSL - You can use static NAT or with 1-to-1 NAT to configure NAT loopback from the Mobile VPN clients.You can configure NAT loopback with static NAT or with 1-to-1 NAT. If Mobile VPN users connect to your trusted or optional networks, and route Internet traffic through the VPN tunnel, you can configure NAT loopback for the traffic from the Mobile VPN clients. NAT loopback enables a user on the trusted or optional networks to connect to a public server with the public IP address or domain name of the server, if the server is on the same physical Firebox interface.
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |