Classic PAT (Port Address Translation), how?

ragvol
ragvol Posts: 3  Freshman Member
First Comment
edited April 2021 in Security

Hello, I am looking to achieve what in Cisco world is called PAT/Nat Overload on a USG60w.

My Lan is 192.168.1.x/24 and I'd like to translate all traffic so it's sourced from a single WAN ip x.x.x.x.

I realise this is a very simple request, yet I cannot find a guide that describes how to achieve this.

Thank you

All Replies

  • mMontana
    mMontana Posts: 1,389  Guru Member
    50 Answers 1000 Comments Friend Collector Fifth Anniversary

    If i am not wrong, you should look for 1:1 NAT. Don't forget firewall rules (Security Policy -> Policy Control) and outgoing routing for that.

    I am assuming that your WAN connection has multiple IP addreses and you want to redirect all the traffinc coming from one to another IP Address on your LAN...

    If i am assuming the wrong thing (no experience on Cisco) please try to explain what you're looking for.

  • zyman2008
    zyman2008 Posts: 223  Master Member
    25 Answers First Comment Friend Collector Seventh Anniversary

    Hi @ragvol,

    By default, USG will auto PAT for LAN network addresses to WAN interface IP address.

    If you would like to translate to specific public IP address.

    Then it achieve policy route rules.

    Here the steps

    1.Create single public IP or IP pool

    • Go to Object > Address/GeoIP > Address tab, click Add button to create address object.
      • A single IP
    • An IP Pool

    2.Create Policy route rule,

    • Go to Network > Routing > Policy Route tab, click Add button to create rule,
      • On the Criteria section, you can configure the Source/Destination address (like the Cisco ACL)
      • On the bottom, address translation, select the IP or IP Pool object created in step 1.


  • ragvol
    ragvol Posts: 3  Freshman Member
    First Comment

    Hello and thank you both!

    By default, USG will auto PAT for LAN network addresses to WAN interface IP address.

    This is exactly the answer to the doubt I had. Thank you for the detailed steps as well.

    I wish you a pleasant day.

Security Highlight