This article explains how to configure NAT with port translation so that an internal server can be reached from the Internet when the WAN IP is a dynamic IP.
1. Purpose of Article
Network management requires the server to be connected to the Internet for remote management.
But how can you connect devices to the Internet if they all use the same administrative access port?
In this article, techbast explains how to configure NAT with port translation so that servers behind the firewall can be reached from the Internet even if they use the same administrative port.
The article also explains how to configure DDNS on Palo Alto devices to give us a solution when using the Internet with a dynamic IP.
2. Network
Details:
- As shown in the diagram, the Palo Alto Firewall device is connected to the Internet via PPPoE on port E1/1 with a dynamic IP of 14.169.x.x.
- In Palo Alto, there is a LAN layer with a static IP address of 172.16.31.1/24 defined on port E1/5. A DHCP server is configured on port E1/5 that assigns an IP address to devices connected to it.
- The VMware ESXi server is located on the LAN with an IP address of 172.16.31.10/24, and this VMware ESXi server is managed over the web with HTTPS.
- Finally, there is a computer outside the network; this computer can be located anywhere on the Internet.
3. Configuration scenario
As you can see, both the Palo Alto Firewall administration page and the VMware ESXi server use port 443 for access.
So if we do a 1:1 NAT, we can only connect one of the two devices to the Internet.
In this article, techbast will publish the VMware ESXi server on port 442 so that the administrator can reach the administration page of both devices.
There is one remaining problem: the WAN IP of the device is a dynamic IP that can change at any time, and when it changes, a configuration written against the original address is no longer effective.
So in this article, besides the NAT port configuration guide, we will use a dynamic DNS service to give us a domain name, and this domain name will be updated automatically with the WAN IP when it changes.
4. Steps to take
- Configuring DDNS
- Creating address objects
- Creating service objects
- Create a NAT rule
- Create a security policy
- Result
5. Configuration
5.1 Configuring DDNS
- To use the DDNS service, we first need to create an account. In this article we will use the no-ip DDNS service.
- To create an account, go to the following link: https://www.noip.com/.
- After creating or logging in to a No-IP account, create a No-IP hostname.
- To create a No-IP hostname, go to Dynamic DNS > No-IP Hostnames > Create Hostname.
- The Create Hostname dialog appears; enter the following information:
- Hostname: the desired name, here vacifcoltd.
- Domain: choose ddns.net.
- Record Type: select DNS Host (A).
- IPv4 Address: enter the WAN IP, here 14.169.x.x.
- Click on Create Hostname.
- The DDNS hostname vacifcoltd.ddns.net has been created.
- In the next step we need to configure DDNS for the Ethernet1/1 Internet port.
- To configure DDNS for port Ethernet1/1 we need to create a certificate. To create it, go to Device > Certificate Management > Certificates > Generate and enter the following information:
- Certificate Type: select Local.
- Certificate Name: enter the name of the certificate, here we enter CA_VPN.
- Common Name: enter the hostname created on the No-IP page – vacifcoltd.ddns.net.
- In the Certificate Attributes table, click Add, select Hostname in the Type column, and type vacifcoltd.ddns.net in the Value column.
- Click on the Create button.
- Next we configure DDNS for the Ethernet1/1 port. Go to Network > Interfaces > select Ethernet1/1 > Advanced > DDNS and configure the following settings:
- Select the Enable check box.
- In Certificate Profile, click the drop-down menu and select New Certificate Profile. The Certificate Profile window appears; enter VPN_Cer in the Name field and click Add under CA Certificates. In the window that appears, select the CA_VPN certificate you just created in the CA Certificate field, then click OK twice to complete.
- Hostname: enter the hostname created on No-IP, vacifcoltd.ddns.net.
- Vendor: select No-IP v1.
- After choosing the vendor, enter the account and password you created on the No-IP page in the table below.
5.2 Creating service objects
We need to create a service object for port 442. Service objects are created in Objects > Services.
Click Add and create the object with the following parameters:
- Name: Port_442
- Protocol: TCP
- Destination Port: 442
- Press OK to save.
5.3 Creating address objects
- We will create two address objects: server-public 1, for the WAN address of the device (14.169.x.x), and webserver-private, for the IP address of the internal web server.
- To create them, go to Objects > Addresses, click on Add and enter the following information:
- Type: FQDN – vacifcoltd.ddns.net
- Press OK.
- Click Add again to create an address object for the web server:
- Type: IP Netmask – 172.16.31.10
- Press OK.
5.4 Creating a NAT rule
- To create a NAT rule, go to Policies > NAT > click Add.
- On the General tab, configure the following information:
- On the Original Packet tab, enter the following parameters:
- Destination Interface: Ethernet1/1
- Destination Address: Server public 1
- On the Translated Packet tab, the Destination Address Translation section is configured as follows:
- Translation Type: Static IP
- Translated Address: 172.16.31.10
- Translated Port: 443
5.5 Create a security policy
- Create a security policy to allow traffic from the WAN zone to the LAN zone.
- Go to Policies > Security > click on Add.
- Make the following settings on the General tab:
- Rule Type: universal (default)
- Destination tab:
- Destination Address: Server public 1
- Service/URL Category:
- Select the Port_442 service and Any
- Action
- Log Setting: select Log at Session End
5.6 Result
After configuring the required policies, we access the internal server from a computer on the Internet using the WAN IP with port 442, and the result is as follows.
We were able to successfully access the server from the Internet through port 442.
- We can also access the firewall administration page through port 443, as usual.
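The following added example (not code from the original article and not PAN-OS code) is a simplified model of the rules built in sections 5.3 to 5.5. It shows why a 1:1 NAT shadows the firewall's own port 443, how the port-translating rule avoids that, and why matching on the FQDN object keeps working after the WAN IP changes. The addresses 14.169.0.10 and 14.169.0.77 are constructed stand-ins for the masked 14.169.x.x address, and the function names are hypothetical.

```python
# Simplified model of destination NAT with port translation; not PAN-OS code.
# Constructed values: 14.169.0.10 and 14.169.0.77 stand in for the masked 14.169.x.x WAN IP.
FQDN = "vacifcoltd.ddns.net"
dns = {FQDN: "14.169.0.10"}          # what the FQDN address object resolves to right now

# Port-translating rule from section 5.4: WAN:442 -> 172.16.31.10:443
PORT_NAT = [{"dst": FQDN, "port": 442, "to": ("172.16.31.10", 443)}]
# The 1:1 alternative from section 3: every port on the WAN IP goes to the server
ONE_TO_ONE = [{"dst": FQDN, "port": None, "to": ("172.16.31.10", None)}]
# Security rule from section 5.5, written against the public object and Port_442
SECURITY = [{"dst": FQDN, "port": 442, "action": "allow"}]


def match(rules, ip, port):
    """First rule whose resolved destination and port (None = any) match."""
    for rule in rules:
        if dns[rule["dst"]] == ip and rule["port"] in (None, port):
            return rule
    return None


def handle(nat_rules, ip, port):
    """Return (verdict, ip, port) for a TCP connection arriving on the WAN interface."""
    nat = match(nat_rules, ip, port)
    if nat is None:
        # No NAT match: a packet to the current WAN IP is for the firewall itself.
        return ("firewall", ip, port) if ip == dns[FQDN] else ("drop", ip, port)
    if match(SECURITY, ip, port) is None:   # checked on the original address and port
        return ("deny", ip, port)
    to_ip, to_port = nat["to"]
    return ("allow", to_ip, to_port if to_port is not None else port)


def demo():
    results = {
        "esxi_442": handle(PORT_NAT, "14.169.0.10", 442),
        "fw_443": handle(PORT_NAT, "14.169.0.10", 443),
        # With 1:1 NAT, 443 is claimed by the NAT rule and never reaches the
        # firewall's own page; here no security rule covers it, so it is denied.
        "one_to_one_443": handle(ONE_TO_ONE, "14.169.0.10", 443),
    }
    dns[FQDN] = "14.169.0.77"            # PPPoE reconnect: DDNS publishes the new WAN IP
    results["after_change"] = handle(PORT_NAT, "14.169.0.77", 442)
    results["stale_ip"] = handle(PORT_NAT, "14.169.0.10", 442)
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(name, outcome)
```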