Forum Discussion

kfilzen_50690
May 11, 2009

Network Access without NAPT

First, everything works with NAPT enabled or when the 1.2 interface is disabled.

We are using the 1.1 interface for internal access out to the internet through the 1.2 interface.

Both interfaces are addressed privately and we use NAT off of a router to provide outbound public addresses based upon the user's assigned IP address from a virtual subnet.

We need to do it this way as we don't want every user to have the same outbound IP address (i.e. the address of the FirePass 1.2 interface). Currently it either times out or works extremely slowly.

Any thoughts would be greatly appreciated.
  • Hi,

    Sorry, not sure I'm following what your actual issue is here. However, NAPT is effectively the same as source NAT (roughly). So, when a client establishes a FirePass Network Access SSL VPN, FirePass will start a PPP interface on the client machine. That PPP interface is allocated an IP address (typically using a FirePass pool - default is 192.168.192.0/24). With NAPT enabled, when the client starts sending data through the Network Access SSL VPN the FirePass will source NAT the packets and replace the client PPP address with the actual FirePass internal IP address. This means that your internal LAN does not need to know about the client-side PPP interface IPs.

    If you disable NAPT then you need to ensure that your internal LAN has a route back to the original client PPP IP address via the FirePass Controller.

    Cheers,

    Mal
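To make the return-path point in the reply concrete, here is a small added simulation (not from the thread or from F5) of an internal server answering a VPN client with NAPT on, with NAPT off and no pool route, and with NAPT off plus the route back via the FirePass. All addresses (client PPP 192.168.192.10, FirePass internal 10.1.1.5, server 10.1.1.20, LAN router 10.1.1.1) are constructed assumptions; only the 192.168.192.0/24 pool default comes from the reply.

```python
from ipaddress import ip_address, ip_network

# Constructed topology (assumption, not from the thread).
POOL = "192.168.192.0/24"          # FirePass Network Access pool (reply's default)
CLIENT_PPP = "192.168.192.10"      # address handed to the client's PPP interface
FIREPASS_INTERNAL = "10.1.1.5"     # FirePass internal (LAN-side) IP
SERVER = "10.1.1.20"               # internal LAN server
LAN_ROUTER = "10.1.1.1"            # server's default gateway


def next_hop(table, dst):
    """Longest-prefix match over (prefix, gateway) entries.
    A gateway of None means the prefix is directly connected, so the
    next hop is the destination itself."""
    best = None
    for prefix, gw in table:
        net = ip_network(prefix)
        if ip_address(dst) in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gw)
    if best is None:
        return None
    return dst if best[1] is None else best[1]


def firepass_forward(src, dst, napt):
    """Packet leaving the FirePass toward the LAN. With NAPT on, the client
    PPP source is rewritten to the FirePass internal IP (source NAT)."""
    return (FIREPASS_INTERNAL if napt else src, dst)


def simulate(napt, lan_has_pool_route):
    """Return 'delivered' if the server's reply gets back to the FirePass,
    'lost' if it goes elsewhere (here, to the LAN router's default route)."""
    server_table = [("10.1.1.0/24", None), ("0.0.0.0/0", LAN_ROUTER)]
    if lan_has_pool_route:
        server_table.append((POOL, FIREPASS_INTERNAL))  # the route Mal describes
    src, dst = firepass_forward(CLIENT_PPP, SERVER, napt)
    reply_dst = src                      # server answers whatever source it saw
    hop = next_hop(server_table, reply_dst)
    return "delivered" if hop == FIREPASS_INTERNAL else "lost"


if __name__ == "__main__":
    for napt, route in [(True, False), (False, False), (False, True)]:
        print(f"NAPT={napt!s:5} pool route={route!s:5} -> {simulate(napt, route)}")
```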