
What does session policy dual-nat do?

  • 1.  What does session policy dual-nat do?

    Posted Oct 15, 2012 05:35 PM

    I'm trying to understand what a dual-nat policy rule action does. The documentation implies that it performs a combination src-nat and dest-nat. So I would expect the dual-nat to require the following settings:

     

    - NAT Pool (needed for src-nat)

    - Destination IP or Name (needed for dst-nat)

    - Destination Port (needed for dst-nat)

     

    But dual-nat only seems to require a NAT pool and a port. So what exactly does dual-nat do? 



  • 2.  RE: What does session policy dual-nat do?
    Best Answer

    Posted Oct 16, 2012 07:55 AM

    You need to define the NAT pool with both the src-nat and dst-ip first. They are both contained in the same pool; that is why you only see the choice for one in the ACL creation.

     

    The following is an example of how I've used dual-nat in the past.

     

    Scenario:

    - Guest Network

    - Customer has Citrix and Mail servers that it wants to allow access to on the Guest network (employees use the Guest network with personal devices)

    - External DNS servers are used on the Guest network, so when the users attempt to resolve the hosts above, they get the external IP address

    - A combination of network firewall and routing of this environment would not allow this traffic out and back in through the external IP; we need to redirect the requests to the internal IP

    - We set up a dual-nat rule to handle this. The src-nat portion was used for NAT'ing the guest traffic to a particular IP (using a pool). The dst-nat portion was set up to redirect requests to the external IP to the internal IP.

     

    Commands:

    ip nat pool portal-dual <beg.src.nat.ip> <end.src.nat.ip> <dst.nat.ip.address>

    any host x.x.x.x svc-https dual-nat pool portal-dual 443
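
The two rewrites that the pool and rule above combine, modelled in Python as an added example that is not part of the original post and is not ArubaOS code. All addresses are constructed; the way a pool address is picked and the unchanged source port are assumptions of this model.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int
    dport: int

class DualNat:
    """Simplified model of one dual-nat rule bound to one NAT pool."""
    def __init__(self, match_dst, match_port, pool_start, pool_end, pool_dest, nat_port):
        self.match = (match_dst, match_port)   # "any host x.x.x.x svc-https"
        first = int(ipaddress.ip_address(pool_start))
        last = int(ipaddress.ip_address(pool_end))
        self.pool = [str(ipaddress.ip_address(i)) for i in range(first, last + 1)]
        self.pool_dest = pool_dest             # third address of the pool (dst-nat target)
        self.nat_port = nat_port               # trailing port on the rule
        self.sessions = {}                     # expected reply 4-tuple -> original packet

    def outbound(self, pkt):
        if (pkt.dst, pkt.dport) != self.match:
            return pkt                         # rule does not match: no translation
        # Assumption: pool address chosen from the client address; source port kept.
        nat_src = self.pool[int(ipaddress.ip_address(pkt.src)) % len(self.pool)]
        out = Packet(nat_src, self.pool_dest, pkt.sport, self.nat_port)
        self.sessions[(out.dst, out.src, out.dport, out.sport)] = pkt
        return out

    def inbound(self, reply):
        orig = self.sessions.get((reply.src, reply.dst, reply.sport, reply.dport))
        if orig is None:
            return reply                       # no session: not a translated flow
        # Undo both rewrites so the client sees the address it originally dialled.
        return Packet(orig.dst, orig.src, orig.dport, orig.sport)

def demo():
    # Constructed values: external IP 203.0.113.10, internal server 10.1.50.10.
    rule = DualNat("203.0.113.10", 443, "192.0.2.20", "192.0.2.21", "10.1.50.10", 443)
    client = Packet("172.16.30.57", "203.0.113.10", 51514, 443)
    fwd = rule.outbound(client)
    back = rule.inbound(Packet(fwd.dst, fwd.src, fwd.dport, fwd.sport))
    return fwd, back

if __name__ == "__main__":
    for p in demo():
        print(p)
```
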

     



  • 3.  RE: What does session policy dual-nat do?

    Posted Nov 09, 2012 08:11 AM

    Clembo, great post. We had this exact same scenario in our environment and I was able to deliver Citrix to our guest wifi network using this solution. I do have one question. Is a dual-nat really necessary in this scenario? I first tried just dst-nat'ing the traffic destined for the public IP of our Citrix gateway to the DMZ address, but that did not work. Once I read your post and configured dual-nat I was able to get this to function as expected. Why was the src-nat half of dual-nat necessary in this case?

     

    An example where I only had to dst-nat was in the case of our captive portal for unregistered guests which accomplished the redirect that we needed.

     

    Thanks in advance

     

    -GR