This article refers to a version that is no longer current!

The article for the latest version can be found here

A newer version of this article already exists, but it refers to a beta version

Last adaptation to the version: 12.1 (04.2021)

New:

  • Order of rules corrected
  • Layout adjustment


Previous versions: 11.7

HideNat Exclude

If certain data connections must be established with the original source IP, but a HIDENAT already exists for this source via the network interface to the destination, exceptions can be set up via the NAT type HIDENAT EXCLUDE.

As a rule, HIDENAT EXCLUDE is used in connection with IPSec VPN connections. It ensures that data packets for the VPN remote station with the private IP address are routed through the VPN tunnel.
Otherwise, these packets would be masqueraded with the public WAN IP address like all other packets sent towards the Internet and, since they carry a private destination address, would be discarded at the next Internet router.


The corresponding rule then looks like this:

Caption        Value
Action         ACCEPT
Source         internal-network
Destination    IPSec VPN network
Service        default-Internet
NAT / Type     HIDENAT EXCLUDE
NAT / Node     external-interface

  • The HideNAT-Exclude rule must come before the HideNAT rule for the exclusion to take effect.
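
The ordering requirement above can be checked with a small model. This is an added example, not Securepoint code: it assumes NAT rules are evaluated top-down with the first match winning, and all addresses, rule names and function names are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import IPv4Network, ip_address, ip_network

# Constructed sample addresses (assumptions, not taken from the article).
INTERNAL = ip_network("192.168.175.0/24")   # "internal-network"
IPSEC_REMOTE = ip_network("10.20.30.0/24")  # "IPSec VPN network"
INTERNET = ip_network("0.0.0.0/0")          # any destination behind the WAN
WAN_IP = ip_address("203.0.113.10")         # address of "external-interface"


@dataclass(frozen=True)
class Rule:
    name: str
    source: IPv4Network
    destination: IPv4Network
    nat_type: str  # "HIDENAT" or "HIDENAT EXCLUDE"


def source_after_nat(rules, src, dst):
    """Source IP the packet leaves with, assuming first-match evaluation."""
    src, dst = ip_address(src), ip_address(dst)
    for rule in rules:
        if src in rule.source and dst in rule.destination:
            # HIDENAT rewrites the source; HIDENAT EXCLUDE keeps it.
            return WAN_IP if rule.nat_type == "HIDENAT" else src
    return src  # no NAT rule matched


def shadowed_excludes(rules):
    """Names of HIDENAT EXCLUDE rules fully covered by an earlier HIDENAT rule."""
    shadowed = []
    for i, rule in enumerate(rules):
        if rule.nat_type != "HIDENAT EXCLUDE":
            continue
        for earlier in rules[:i]:
            if (earlier.nat_type == "HIDENAT"
                    and rule.source.subnet_of(earlier.source)
                    and rule.destination.subnet_of(earlier.destination)):
                shadowed.append(rule.name)
                break
    return shadowed


exclude = Rule("vpn-exclude", INTERNAL, IPSEC_REMOTE, "HIDENAT EXCLUDE")
hidenat = Rule("internet-hidenat", INTERNAL, INTERNET, "HIDENAT")
CORRECT_ORDER = [exclude, hidenat]  # exclusion takes effect
WRONG_ORDER = [hidenat, exclude]    # exclusion is never reached
```

With the wrong order, a packet to the IPSec network leaves with the WAN address, and `shadowed_excludes` reports the exclude rule as unreachable.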