Hi Kenneth,
I have a branch gateway running in my home lab as my ISP router and have the need to forward some ports to internal resources.
just check my blog post about it:
https://www.flomain.de/2020/01/port-forwarding-with-sd-branch/BR
Florian
------------------------------
-------------------------------------------------------------------------------
Florian Baaske
-------------------------------------------------------------------------------
Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
-------------------------------------------------------------------------------
Also visit the AirHeads Youtube Channel:
https://www.youtube.com/channel/UCFJCnuXFGfEbwEzfcgU_ERQ-------------------------------------------------------------------------------
Feel free to visit my personal Blog
https://www.flomain.de------------------------------
Original Message:
Sent: Jan 21, 2021 05:34 PM
From: Ariya Parsamanesh
Subject: VPNC for inbound NAT
not to the best of my knowledge. but first test it without it and see
------------------------------
Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba.
Original Message:
Sent: Jan 21, 2021 05:16 PM
From: Kenneth Tan
Subject: VPNC for inbound NAT
Thanks Ariya, do I need to turn on proxy local ARP if I want to use 1:1 NAT?
------------------------------
Kenneth Tan
Original Message:
Sent: Jan 21, 2021 05:11 PM
From: Ariya Parsamanesh
Subject: VPNC for inbound NAT
yes this is supported. obviously you need to have a separate pub IP address for that server that you want to do 1:1 NAT
------------------------------
Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba.
Original Message:
Sent: Jan 21, 2021 12:00 AM
From: Kenneth Tan
Subject: VPNC for inbound NAT
If customer wanted to host a public accessible webserver behind the VPNC, I htink it will work if
1. using destination NAT policy - user hitting VPNC public IP on a particular port, this will be Dst-NAT to the webserver
2. have a public IP DMZ hosted by VPNC - user hit the public IP of the webserver, routed through and allowed in policy by the VPNC, the DMZ is just a separate internal network with public IP
I am not sure if VPNC can do inbound NAT like a typical Cisco/Juniper/etc firewall where a public IP is translated to private IP?
Thanks.
------------------------------
Kenneth Tan
------------------------------