Solved: SMA behind NAT - connection issue from outside ESA

anatols · ‎12-23-2016

Hi, All!

We have ESA (c690) ip 10.10.80.5 and SMA(m690) ip 192.168.88.71.

SMA is situated behind NAT and its NATED IP is 172.20.88.71.

When we try to activate centralized quarantine at SMA - we configure ESA to connect SMA's NATED IP ( 172.20.88.71)

Test connection between SMA and ESA is established.

Next we try to activate Outbreak Quarantine and see ESA tries to connect to internal SMA IP 192.168.88.71.

Into mail_log we have got messages about timeout connection from ESA 10.10.80.5 to SMA 192.168.88.71 port 6025 or port 7025

Is it a possible to connect ESA and SMA behind NAT ? May be only real addresses are allowed ?

Thanks for any help.

dmccabej · ‎12-23-2016

Hello,

Yes, unfortunately NAT between an ESA/SMA will not work. You'll need to use the 'real' IP address as you stated. We have an enhancement request on this behavior below if you wish to monitor for future updates.

Unable to use CPQ / PVO on the SMA with NAT between ESA and SMA

Thanks!

-Dennis M.

View solution in original post

dmccabej · ‎12-23-2016

Hello,

Yes, unfortunately NAT between an ESA/SMA will not work. You'll need to use the 'real' IP address as you stated. We have an enhancement request on this behavior below if you wish to monitor for future updates.

Unable to use CPQ / PVO on the SMA with NAT between ESA and SMA

Thanks!

-Dennis M.

anatols · ‎12-23-2016

Thank you very much!

dmccabej · ‎12-23-2016

You're very welcome! :) I'm glad I could help.

Happy Holidays!

-Dennis M.