no default SNAT usg310 himself

Options
Chakib
Chakib Posts: 3
First Comment

Hello

I have USG310 V4.73

my wan2 has a virtual ip wan2:1 (IP:AA.BB.CC.DD)

with ssh I have to add snat to ping internet( ping 8.8.8.8 source AA.BB.CC.DD )but

how can I add the virual IP in the default snat for the router himself.??

Now I can not update time, update firmware from cloud ect ect

thx in adv

All Replies

  • Zyxel_Kevin
    Zyxel_Kevin Posts: 799  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    edited March 2023
    Options

    HI @Chakib ,

    By default, outgoing traffic only translate soruce address to "interface IP".

    If you would use virtual IP wan2:1 for SNAT. Please kindly use Policy Route and set "Souce Network Address Translation" to wan2:1 address.

    Please feel free to contact us if any concerns. Thank you

    Kevin

  • Chakib
    Chakib Posts: 3
    First Comment
    Options

    Hi Kevin

    Thx for your prompt reply.
    I use Already policy route for the LAN the SNAT with the viruals IP.( no problem)

    My question is regarding the UTM himsel (USG310) can not go to the internet to update time for exp.

    brgds

  • PeterUK
    PeterUK Posts: 2,865  Guru Member
    First Anniversary 10 Comments Friend Collector First Answer
    edited March 2023
    Options

    Do you have a WAN subnet? You should not need virtual ip to SNAT on another WAN IP.

    …think I get your problem now…hmmm…so you have on WAN2 a IP that has no internet that you get your WAN routed too you that you SNAT…but how to get Zywall to have internet….

    I don't have the same problem as your exactly but in a round about way it is the same how I solved it was another USG with a VLAN that each other SNAT to get internet.

    due to x2 real DMZ on the same IP

  • Zyxel_Kevin
    Zyxel_Kevin Posts: 799  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    Options

    Hi @Chakib ,

    I set WAN as private IP which cannot access internet. WAN1:1 as IP can access internet.

    It can ping 8.8.8.8 itself.

    Please kindly share your config file by private message. I will do the verify.

    Thank you

  • PeterUK
    PeterUK Posts: 2,865  Guru Member
    First Anniversary 10 Comments Friend Collector First Answer
    edited March 2023
    Options

    @Zyxel_Kevin

    Are you sure 10. dose not have Internet access? if you do a packet capture ping is by 100.?

  • Zyxel_Kevin
    Zyxel_Kevin Posts: 799  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    Options

    I am sorry. 100.100.100.0/24 is a subset I created for testing. It cannot access internet.

    10.214 is behind NAT router. It can access internet.

  • PeterUK
    PeterUK Posts: 2,865  Guru Member
    First Anniversary 10 Comments Friend Collector First Answer
    edited March 2023
    Options

    yes thats the point of the OP problem is 10. can not access internet by ISP and I see no easy way round this with just one USG

  • Chakib
    Chakib Posts: 3
    First Comment
    Options

    Dear Kein,

    sorry for my lare reply

    Pls pic attached .

    Well I resolved this problem Iadding Wan1 via ISP with ADSL .

    I sent you also two pings before to add wan1 with snat and without.

    B/rgds

  • PeterUK
    PeterUK Posts: 2,865  Guru Member
    First Anniversary 10 Comments Friend Collector First Answer
    edited March 2023
    Options

    This will be what you need to do Chakib you will need another low cost USG model to do this..I see you sovled it but here is another way

Security Highlight