Problem connecting to private service

Happy friday everyone,

I do have a doubt regarding connection to a private service.

The connection diagram is shown below

In an office, there’s a TP-Link ER605 router, private subnet 172.16.0.0/24, router private IP 172.16.0.1, router public IP 200.x.x.x.

At the private cloud site there’s a Vyatta VRA 5600 with public IP 201.y.y.y and private IPs 10.172.x.65 (VLAN 1) and 10.173.y.72 (VLAN 2).

Deep inside the cloud provider there’s an unknown router with private IP 10.170.x.66 that connects VLAN 2 and an internal service subnet 166.8.0.0/14.

There’s a static route on Vyatta to 166.8.0.0/14, and I am able to ping the private service IP from the VRA.

I am able to ping the Vyatta private interfaces from the computers in the office (172.16.0.0/24), but I am not able to ping the private service.

Any thoughts on how I can get there?

Hi @mraquino,
The “unknown router” needs a route to 172.16.0.0/24 via 10.173.y.72.
Can you show the “unknown router” routing table?

I do not have access to the unknown router; it’s managed by the cloud provider. I only have access to the Vyatta and the TP-Link routers.

I do know that several other users of the private service use the feature, but I don’t know what is missing.

OK, then you can use NAT on Vyatta for traffic from 172.16.0.0/24 to 166.8.0.0/14.
NAT gives access to the private service from the private subnet.

Would this work?

NAT Rulesets Information

SOURCE
rule  intf      match                                       translation
100   dp0bond0  from 172.16.0.0/24 to 166.8.0.0/16 pinhole  dynamic any → 10.173.42.72

Thanks @Nikolay!

I managed to get it working with your idea:
set service nat source rule 100 source address 172.16.0.0/24
set service nat source rule 100 translation address masquerade

Great!

A command like this could be added (for more accurate NAT work):

set service nat source rule 100 outbound-interface {interface with VLAN2 address}
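To make the reasoning in this thread concrete, here is an added example (not part of the original posts or of Vyatta) that models the three routers as longest-prefix-match routing tables and walks an ICMP-style request and its reply through them, once without source NAT and once with a rule equivalent to the one above. All addresses are constructed: 10.173.0.72 stands in for the anonymised 10.173.y.72, and the office host and service host are invented. The point it shows is that the forward path works either way; it is the reply that dies at the provider router, because that router has no route to 172.16.0.0/24, and translating the source to Vyatta's VLAN 2 address gives the reply a destination the provider router does know.

```python
import ipaddress

# Constructed topology for this example; addresses are placeholders, not the thread's real ones.
OFFICE_LAN = "172.16.0.0/24"
SERVICE_NET = "166.8.0.0/14"
VYATTA_VLAN2_IP = "10.173.0.72"   # placeholder for 10.173.y.72
OFFICE_HOST = "172.16.0.50"       # constructed office PC
SERVICE_HOST = "166.8.1.10"       # constructed private-service address

# Per-router routing tables: prefix -> next hop. "deliver" means the destination
# is directly attached to that router. Longest-prefix match is applied on lookup.
ROUTES = {
    "tplink":  {OFFICE_LAN: "deliver", "0.0.0.0/0": "vyatta"},
    "vyatta":  {OFFICE_LAN: "tplink", "10.173.0.0/24": "deliver",
                SERVICE_NET: "unknown"},          # the static route from the thread
    # Provider-managed router: knows the service subnet and Vyatta's VLAN 2 subnet,
    # but has no route back to the office LAN (the problem described in the thread).
    "unknown": {SERVICE_NET: "deliver", "10.173.0.0/24": "vyatta"},
}

# Source NAT rule modelled on "rule 100": translate office sources only when the
# destination is the private service network (equivalent to restricting the rule
# by destination rather than masquerading everything).
NAT_RULE_100 = {"source": OFFICE_LAN, "destination": SERVICE_NET,
                "translation": VYATTA_VLAN2_IP}


def lookup(router, dst):
    """Longest-prefix-match lookup; returns the next hop name or None if no route."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, next_hop in ROUTES[router].items():
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop)
    return best[1] if best else None


def forward(first_hop, dst):
    """Walk a packet hop by hop from first_hop; returns (path, delivered)."""
    path, router = [], first_hop
    while router not in (None, "deliver"):
        path.append(router)
        router = lookup(router, dst)
    return path, router == "deliver"


def apply_snat(src, dst):
    """Return the source address the service will see after rule 100 is evaluated."""
    if (ipaddress.ip_address(src) in ipaddress.ip_network(NAT_RULE_100["source"])
            and ipaddress.ip_address(dst) in ipaddress.ip_network(NAT_RULE_100["destination"])):
        return NAT_RULE_100["translation"]
    return src


def round_trip(snat):
    """Request from the office host to the service and the reply back; returns
    (forward_path, reply_path, reply_delivered_to_office_host)."""
    fwd_path, fwd_ok = forward("tplink", SERVICE_HOST)
    if not fwd_ok:
        return fwd_path, [], False
    # Vyatta is on the forward path; translate the source there if NAT is enabled.
    seen_src = apply_snat(OFFICE_HOST, SERVICE_HOST) if snat else OFFICE_HOST
    # The service replies to whatever source address it saw.
    rev_path, delivered = forward("unknown", seen_src)
    if snat and delivered and rev_path[-1] == "vyatta":
        # Vyatta reverses the translation and forwards to the real office host.
        tail, delivered = forward("vyatta", OFFICE_HOST)
        rev_path = rev_path + tail[1:]
    return fwd_path, rev_path, delivered


if __name__ == "__main__":
    for snat in (False, True):
        fwd, rev, ok = round_trip(snat)
        print(f"snat={snat}: forward {fwd}, reply {rev}, delivered={ok}")
```

Running it prints the forward path tplink → vyatta → unknown in both cases, a reply that stops at the provider router without NAT, and a reply that comes back unknown → vyatta → tplink with NAT. Restricting the rule by destination, as the thread's `166.8.0.0/16 pinhole` match and the `outbound-interface` suggestion both aim at, keeps ordinary office traffic untranslated; `apply_snat` returns the original source for any destination outside the service network.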