
UNMS - Connecting Devices in Private IP Range


Overview


This article explains the NAT configuration required when a device inside your network has trouble connecting to UNMS by its FQDN.


Table of Contents


  1. Introduction
  2. Network Diagram
  3. Setting the NAT
  4. Related Articles

Introduction



Sometimes you may feel forced to replace the FQDN in your generic UNMS key with an IP address in order to connect a device inside your network to UNMS. In this situation, it is often useful to check whether the correct source NAT is set on your gateway. This article explains what is going on and how to fix the situation.


Network Diagram

[Figure: network diagram (Screen_Shot_2018-04-25_at_10.12.01_AM.png)]




Setting the NAT



In the diagram above, the domain myunms.com is set up on 99.98.97.96 and there is a redirect on the gateway from 99.98.97.96:443 to 192.168.1.20:443. If the address myunms.com is opened from the airMAX device, it will not work.

The reason is that the airMAX device asked DNS to translate myunms.com and received the public address 99.98.97.96. When the first packet is sent there, the gateway router (EdgeRouter 4 in this example) intercepts the packet and rewrites the destination IP to 192.168.1.20 (the UNMS server). The UNMS server gets the packet and replies with an ACK packet (acknowledging the connection), which travels to the sender address, 192.168.1.21 (the airMAX device). But the airMAX device sent its request to 99.98.97.96, and that server never answered, so the connection eventually times out. Instead, the airMAX device receives an ACK packet from 192.168.1.20, which it never tried to contact, so that packet is discarded.

The solution to this issue is to add a rule to the gateway that applies source NAT to all packets going to 192.168.1.20. The article EdgeRouter - Add source NAT rules (listed under Related Articles) explains how to set up source NAT on EdgeRouter devices. This technique is often called NAT Reflection, NAT Loopback or NAT Hairpinning.
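The packet flow described above can be traced with a small model. This is an added example, not part of the original article and not UNMS or EdgeRouter code; it assumes the airMAX device is 192.168.1.21 on the same LAN as the UNMS server and that the gateway's LAN address is 192.168.1.1 (a hypothetical value, not given in the article).

```python
from typing import NamedTuple

PUBLIC = "99.98.97.96"    # address myunms.com resolves to (from the article)
UNMS = "192.168.1.20"     # UNMS server (from the article)
AIRMAX = "192.168.1.21"   # airMAX device, same LAN as the server
GW_LAN = "192.168.1.1"    # assumed gateway LAN address (hypothetical)

class Packet(NamedTuple):
    src: str
    dst: str

class Gateway:
    def __init__(self, hairpin_snat: bool):
        self.hairpin_snat = hairpin_snat
        self.conntrack = {}  # translated packet -> original packet

    def forward(self, pkt: Packet) -> Packet:
        """Destination NAT to the UNMS server, plus source NAT if enabled."""
        if pkt.dst != PUBLIC:
            return pkt
        out = Packet(GW_LAN if self.hairpin_snat else pkt.src, UNMS)
        self.conntrack[out] = pkt
        return out

    def reverse(self, reply: Packet) -> Packet:
        """Undo both translations on a reply that passes through the gateway."""
        orig = self.conntrack[Packet(reply.dst, reply.src)]
        return Packet(orig.dst, orig.src)

def connect(hairpin_snat: bool):
    """Return (accepted_by_client, packet_trace) for one connection attempt."""
    gw = Gateway(hairpin_snat)
    syn = Packet(AIRMAX, PUBLIC)           # client contacts the public address
    at_server = gw.forward(syn)
    reply = Packet(at_server.dst, at_server.src)  # server answers the source it saw
    trace = [syn, at_server, reply]
    if reply.dst == GW_LAN:
        # Reply is addressed to the gateway, so it can be translated back.
        reply = gw.reverse(reply)
        trace.append(reply)
    # Otherwise the reply goes straight across the LAN and bypasses the gateway.
    # The client only accepts a reply coming from the address it contacted.
    accepted = reply.src == syn.dst and reply.dst == syn.src
    return accepted, trace

if __name__ == "__main__":
    for snat in (False, True):
        print("source NAT" if snat else "no source NAT", connect(snat))
```

Without source NAT the last packet in the trace has source 192.168.1.20, which the client never contacted; with source NAT the reply returns through the gateway and arrives with source 99.98.97.96.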


Related Articles



EdgeRouter - Add source NAT rules