Traverse a 1:1 NAT with VCS

Unanswered Question
Dec 20th, 2011

Hi All,

We have combined two existing wan networks, we have done this with 1:1 NAT. So every 10.10.10.0/24 address has a 172.16.10.0 address. This works two ways. Please look at the attached design. There is no option to do it with a standard PAT translation you would use if the VCS Expressway is connected to the internet.

At this moment we cannot get the traversalzone working from the 10.10.10.10 VCS Control to the 172.16.10.10 VCS Expressway.

Is this a correct design or do we need to append a dual network interface option to route the traffic?

I hope you can give me some insight to the problem.

Thanks!

Attachment: 
I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Average Rating: 0 (0 ratings)
awinter2 Tue, 12/20/2011 - 13:45

Hi Pieter,

can you elaborate further on how this NAT setup works? In which direction of traffic is NATing taking place?

The diagram states that "All 10.10.10.0 addresses are natted to 172.16.10.0". The diagram shows the VCS-E with an address of 172.16.10.10 and the VCS-C with an address of 10.10.10.10. If I understand that correctly, wouldn't the VCS-E and VCS-C end up with the same address?

To break things down a bit, could you please answer the following:

- If you ping the VCS-E from the VCS-C, what apparant address would the ping come from as seen on the VCS-E?

- If you ping the VCS-C from the VCS-E, what apparant address would the ping come from as seen on the VCS-C?

- Is 172.16.10.10 and 10.10.10.10 the actual LAN 1 IP addresses of the VCS-E and VCS-C, respectively?

- What IP address have you configured as the peer address on the traversal client zone on the VCS-C, and what is the peer address for the traversal server zone shown as on the VCS-E?

Thanks,

Andreas

pbzijerveld Wed, 12/21/2011 - 00:24

- If you ping the VCS-E from the VCS-C, what apparant address would the ping come from as seen on the VCS-E?

If i ping from the VCS-C i would ping 10.10.20.10 - by the firewall it wil be translated to 172.16.10.10

- If you ping the VCS-C from the VCS-E, what apparant address would the ping come from as seen on the VCS-C?

If i ping from the VCS-E i would ping 172.16.20.10 - by the firewall it will be translated to 10.10.10.10

- Is 172.16.10.10 and 10.10.10.10 the actual LAN 1 IP addresses of the VCS-E and VCS-C, respectively?

Yes

- What IP address have you configured as the peer address on the traversal client zone on the VCS-C, and what is the peer address for the traversal server zone shown as on the VCS-E?

VCS-C peer to 10.10.20.10

VCS-E no peer because its a traversal server zone

awinter2 Wed, 12/21/2011 - 07:23

Hi Pieter,

your initial post and diagram only describes 10.10.10.0/24 and 172.16.10.0/24, but your latest post also mentions 10.10.20.0/24 and 172.16.20.0/24, could you please clarify?

Also, does the Expressway require connectivity with public networks/Internet?

Thanks,

Andreas

Actions

Login or Register to take actions

This Discussion

Posted December 20, 2011 at 9:51 AM
Stats:
Replies:3 Avg. Rating:
Views:769 Votes:0
Shares:0
Tags: vcs, vcs-c, vcs-e
+

Related Content

Discussions Leaderboard