CISCO 1852i and AP SCB with router NAT 1:1

a.dommanget · ‎02-09-2021

Hi,

I have a problem contacting an mguard router or an automate behind mGuard with nat 1:1 from the SSID broadcast by my Cisco wifi access point.

The problem only arises with 1: 1 nat
If we do port NAT, we don't have a problem.
However, due to some industrial machine, we cannot use different ports.

AUTOMATE = Industrial machine
AP CISCO : AP1852i
Phoenix Contact WL1100
mGuard RS2000

Here is the diagram of my network
https://ibb.co/JrVZYLF

AP CISCO --- WiFi --- AP CLIENT SCB Phoenix Contact WLAN1100 <--- ethernet ---> mGuard RS2000 <--- ethernet ---> AUTOMATE
PC :
ping 10.227.50.1 OK
ping 10.227.50.120 OK
ping 10.227.50.123 OK
ping 10.227.50.79 FAIL (it's normal)
ping 10.227.50.78 FAIL
ping 10.227.50.77 FAIL

mGuard :
ping 10.227.50.1 OK
ping 10.227.50.120 OK
ping 10.227.50.123 OK

SWITCH CISCO <--- ethernet ---> mGuard RS2000 <--- ethernet ---> AUTOMATE
ping 10.227.50.1 OK
ping 10.227.50.120 OK
ping 10.227.50.123 OK
ping 10.227.50.78 OK
ping 10.227.50.77 OK

http 10.227.50.77 OK

mGuard :
ping 10.227.50.1 OK
ping 10.227.50.120 OK
ping 10.227.50.123 OK

AP D-LINK --- WiFi --- AP CLIENT SCB Phoenix Contact WLAN1100 <--- ethernet ---> mGuard RS2000 <--- ethernet ---> AUTOMATE
PC :
ping 10.227.50.1 OK
ping 10.227.50.120 OK
ping 10.227.50.123 OK
ping 10.227.50.79 FAIL (it's normal)
ping 10.227.50.78 OK
ping 10.227.50.77 OK

http 10.227.50.77 OK

mGuard :
ping 10.227.50.1 OK
ping 10.227.50.120 OK
ping 10.227.50.123 OK