Wireless Access

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.

How to correctly configure source NAT on Aruba controller gateway? How does the intranet terminal use the dst-nat server through the external IP

  • 1.  How to correctly configure source NAT on Aruba controller gateway? How does the intranet terminal use the dst-nat server through the external IP

    Posted Nov 23, 2021 11:16 AM
    Hey guys, I have a question about Aruba controller NAT.
    I use an Aruba 7010 as the gateway.
    VLAN 4000 is used as the WAN interface, and its IP is the static IP 221.2.2.2.
    VLAN 10 is an office VLAN, with "ip nat inside" configured and IP address 192.168.1.1.
    We have a web server in the office VLAN with an IP of 192.168.1.54. I configured port mapping for it and used port 8282.
    Now we can access my internal server from anywhere on the Internet at http://221.2.2.2:8282.

    However, I cannot access my server directly through 221.2.2.2 from my internal network; it doesn't work anymore. Only the internal address 192.168.1.54:8080 can be used.

    I think it's because I haven't configured source NAT correctly.
    Please give me some help, thanks!

    ------------------------------
    eddy zhou
    whhcit.com
    Weihai . SD . China
    +86 13061120222
    ------------------------------


  • 2.  RE: How to correctly configure source NAT on Aruba controller gateway? How does the intranet terminal use the dst-nat server through the external IP

    EMPLOYEE
    Posted Nov 26, 2021 04:39 PM
    You should have "ip nat outside" on interface vlan 4000

    ------------------------------
    Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
    ------------------------------



  • 3.  RE: How to correctly configure source NAT on Aruba controller gateway? How does the intranet terminal use the dst-nat server through the external IP

    Posted Nov 27, 2021 05:31 AM
    Thank you for your reply, but it still hasn't been solved.
    I have configured "ip nat outside" on VLAN 4000. VLAN 4000 is on port G0/0/15, and I configured an "ip access-list session" on this port.


    ip access-list session nat_thing
      any alias localip tcp 8888 dst-nat ip 192.168.1.54 8888
      any any any permit

    interface gigabitethernet 0/0/15
      description "GE0/0/15"
      trusted
      trusted vlan 1-4094
      ip access-group "nat_thing" session
      switchport access vlan 4000
      no spanning-tree

    interface vlan 4000
      ip address 221.2.2.2 255.255.255.240
      ip nat outside


    interface vlan 10
      ip address 192.168.1.1 255.255.255.0
      ip nat inside
      description "officenetworks"


    This is my current situation.


    I can access 221.2.2.2:8888 from anywhere on the Internet. When I am on the LAN, I can't access it using the address 221.2.2.2; only 192.168.1.54:8888 can be used. I think there is still a problem with the "ip access-list session" configuration.




    ------------------------------
    eddy zhou
    whhcit.com
    ------------------------------



  • 4.  RE: How to correctly configure source NAT on Aruba controller gateway? How does the intranet terminal use the dst-nat server through the external IP

    Posted Nov 27, 2021 03:52 PM
    Hi, remove the trust from GE0/0/15. Only if your interface is not trusted will the ACL be used.
    Regards, Johnny

    ---------------------------------
    Johann Froehlich
    ---------------------------------





  • 5.  RE: How to correctly configure source NAT on Aruba controller gateway? How does the intranet terminal use the dst-nat server through the external IP

    Posted Nov 27, 2021 10:02 PM
    If I configure the port as untrusted, then the ACL will not be applied; even the port mapping function I use cannot be applied.


    ------------------------------
    eddy zhou
    whhcit.com
    ------------------------------