IP Public - ERP Setup - NAT -
Hi there, just a beginner trying to learn something.
I have a public IP (2.40.XX.xx) through my ISP and I want to reach an internal server (internal IP is 10.0.220) in my small business. This server is running an HTTPS IIS instance using port 443.
Hardware connection is like this:
MODEM ISP IP 10.0.0.233
FIREWALL VPN 50 ZYXEL 10.0.0.222
MODEM IS CONNECTED TO ZYXEL VIA WAN PORT
ZYXEL IS CONNECTED TO SWITCH VIA LAN PORT
Tried NAT and Control policy, but I'm missing something.
All Replies
-
Hi @ZetaKappa ,
Greeting Forum,
So your WAN and LAN are in the same subnet? (WAN: 10.0.0.233, LAN: 10.0.0.222?)
I would recommend separating them, for example:
WAN: 10.0.1.1/24, LAN: 10.0.0.222/24, internal server: 10.0.0.220/24
First of all, please change the default firewall web GUI port from 443, since that conflicts with your internal server.
And you will have:
NAT: 10.0.1.1 Port 443 Mapped to 10.0.0.222
Policy: From WAN to LAN, Source:Any ; Destination: 10.0.0.222, service :443
Lastly, please check that traffic can reach the firewall without being blocked, since your WAN is a private IP.
Please kindly attach your config if you still have problems. Thank you
Kevin
0 -
Maybe I'm missing something.
ISP traffic is open from the modem router to 10.0.1.1.
Still not reaching 10.0.0.220 from the public IP.
0 -
Can you not get your WAN IP on VPN 50 directly?
Change your LAN to 192.168.0.1 or the like, as we don't know the subnet used for 10. WAN
Check your ISP is forwarding ports with grc.com and a packet capture.
0 -
Do you have active port forwarding from 10.0.1.1 to 10.0.0.222 and also a firewall rule to allow wanted traffic between the 2 subnets?
0 -
The only port forwarding is on the ISP router (10.0.0.253), opening ports 443 etc. to 10.0.1.1
0 -
In this situation, I would like to recommend looking at what @PeterUK suggested, to check with your ISP if it is possible to set up the modem router as a bridge, moving the ISP login to your ZyWALL VPN50 if possible, because that would make it much easier to follow standard manual config pages to set up external access and port management.
0 -
Hi @ZetaKappa ,
Please kindly try to capture packets on the firewall's WAN. We need to check if packets reach it.
Please feel free to provide your Remote WebGUI by private message if need any further assistance.
Thank you
0 -
Asked the ISP for the modem in bridge mode…
0 -
0
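The addressing discussed in this thread can be sanity-checked before touching the firewall. The following is an added example, not part of any post and not Zyxel code: the function name and finding labels are hypothetical, and the /24 mask on the original setup is an assumption.

```python
import ipaddress

# RFC 1918 ranges: a WAN address inside these means another NAT device sits upstream.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def check_port_forward_plan(wan_if, lan_if, server_ip, nat_target):
    """Return findings for a firewall port-forward plan (hypothetical helper).

    wan_if / lan_if: firewall interface addresses in CIDR form, e.g. "10.0.1.1/24".
    server_ip: host to publish. nat_target: internal IP used in the NAT rule.
    """
    wan = ipaddress.ip_interface(wan_if)
    lan = ipaddress.ip_interface(lan_if)
    server = ipaddress.ip_address(server_ip)
    target = ipaddress.ip_address(nat_target)
    findings = []

    # The firewall cannot route or NAT between two interfaces in one subnet.
    if wan.network.overlaps(lan.network):
        findings.append("wan-lan-overlap")
    # The published server must live on the LAN side of the firewall.
    if server not in lan.network:
        findings.append("server-not-on-lan")
    # The NAT rule must point at the server, not at the firewall's own address.
    if target in (wan.ip, lan.ip):
        findings.append("nat-target-is-firewall")
    elif target != server:
        findings.append("nat-target-not-server")
    # Private WAN: the upstream ISP router must forward the port as well.
    if any(wan.ip in net for net in RFC1918):
        findings.append("wan-private-needs-upstream-forward")
    return findings

if __name__ == "__main__":
    # Constructed inputs based on the addresses quoted in the thread.
    plans = {
        "original (assumed /24)": ("10.0.0.233/24", "10.0.0.222/24", "10.0.0.220", "10.0.0.220"),
        "separated subnets":      ("10.0.1.1/24",   "10.0.0.222/24", "10.0.0.220", "10.0.0.220"),
    }
    for name, plan in plans.items():
        print(name, "->", check_port_forward_plan(*plan) or "no findings")
```

A remaining `wan-private-needs-upstream-forward` finding is expected while the ISP modem is not in bridge mode; it marks the double-NAT hop that a packet capture on the firewall's WAN would confirm.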