I find switching from ASA to Palo Alto NAT confusing because they work in a different way and I've worked on ASA for so long.
NAT rule (to NAT traffic)
- Zones: outside -> outside
- Destination address is the customer public IP: 100.200.200.114
- Destination translation address is the inside IP of the server: 192.168.0.1

Policy rule (to allow traffic)
- Zones: outside -> inside
- Source IP is the outside source public IP: 8.8.8.8
- Destination IP (destination zone inside) is the public IP: 100.200.200.114
The main thing is that a public IP NAT is outside to outside on Palo Alto. On ASA it's outside to inside for a public IP NAT.

A Palo Alto NAT rule for a public server IP looks like this:
- Source zone: outside
- Destination zone: outside
- Destination interface: eth1/1 (outside)
- Source address: any
- Destination address: 100.100.100.50 (public IP of server)
- Service: port 443
- Source translation: "none"
- Destination translation:
  - Translation type: "static IP"
  - Address: 192.168.100.50 (inside IP)
  - Port: 443
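
To see why the NAT rule is outside -> outside while the policy rule is outside -> inside with the public IP as destination, here is a simplified Python model of the lookup order. It is an added example, not part of the original post and not PAN-OS code; the zone table, the rule layout and the names `zone_of`, `evaluate` and `allow-web` are assumptions made for illustration.

```python
import ipaddress

# Constructed data based on the NAT rule above; the route-to-zone table is an
# assumption (server subnet behind "inside", default route via "outside").
ZONES = {"192.168.100.0/24": "inside", "0.0.0.0/0": "outside"}
NAT_RULE = {"from": "outside", "to": "outside", "dst": "100.100.100.50",
            "port": 443, "xlate_dst": "192.168.100.50", "xlate_port": 443}

def zone_of(ip):
    """Longest-prefix route lookup that returns the egress zone for ip."""
    addr = ipaddress.ip_address(ip)
    best = max((n for n in map(ipaddress.ip_network, ZONES) if addr in n),
               key=lambda n: n.prefixlen)
    return ZONES[str(best)]

def evaluate(dst_ip, dport, ingress_zone, security_rules):
    """Return the name of the first matching security rule or the default."""
    # Step 1: the NAT rule is matched on the original packet, so its
    # destination zone is the zone that routes to the public IP (outside).
    post_nat_zone = pre_nat_zone = zone_of(dst_ip)
    if (NAT_RULE["from"], NAT_RULE["to"]) == (ingress_zone, pre_nat_zone) \
            and (NAT_RULE["dst"], NAT_RULE["port"]) == (dst_ip, dport):
        # Step 2: a second route lookup on the translated address gives
        # the zone the packet will actually leave through (inside).
        post_nat_zone = zone_of(NAT_RULE["xlate_dst"])
    # Step 3: security policy sees the pre-NAT address and post-NAT zone.
    for r in security_rules:
        if (r["from"], r["to"]) == (ingress_zone, post_nat_zone) \
                and r["dst"] in (dst_ip, "any") and r["port"] == dport:
            return r["name"]
    # No rule matched: traffic between different zones is denied by default.
    return ("intrazone-default" if ingress_zone == post_nat_zone
            else "interzone-default-deny")

RULES_PALO = [{"name": "allow-web", "from": "outside", "to": "inside",
               "dst": "100.100.100.50", "port": 443}]
# Two carry-over mistakes: the private IP as destination, or copying the
# NAT rule's outside -> outside zones into the security rule.
RULES_PRIVATE_IP = [dict(RULES_PALO[0], dst="192.168.100.50")]
RULES_NAT_ZONES = [dict(RULES_PALO[0], to="outside")]

if __name__ == "__main__":
    for rules in (RULES_PALO, RULES_PRIVATE_IP, RULES_NAT_ZONES):
        print(evaluate("100.100.100.50", 443, "outside", rules))
```

Only the first rule set matches; the other two fall through to the default deny, which is the usual symptom when a rule is written with the wrong zone or address.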