NAT 1:1 on the Flexy

Hello,

I cannot find anywhere how to properly set up the NAT 1:1 feature on my Flexy so that I can access my machine network from my company network. Can you point me in the right direction?

Thanks,
Luke

Hello Luke,

Certainly! The first step we will want to do is to enable NAT 1:1 on the Flexy. To do this, navigate to Configuration > System Setup > Communication > Networking > Routing and select the Enabled checkbox next to NAT 1:1.

Next, you would select “NAT 1:1 on WAN” from the Mapping drop-down menu and configure your translations in the table that appeared after enabling NAT 1:1. You would want to put the LAN IP of the device under “Device IP (LAN)” and the WAN (a.k.a. your company network) IP that you want it to be mapped to under “Mapped IP (WAN)”.

Additional options for NAT 1:1 Mapping are described below:

  • NAT 1:1 on VPN - This allows VPN inter-connectivity between remote sites using the eFive VPN appliance. It can be used to allow a SCADA system on the LAN access to remote devices using the eFive VPN connection. Please see the link at the bottom of this post to a document containing more information.

In our example, the Ethernet device on the eWON LAN side with IP address 192.168.0.115 will become reachable on the eWON WAN side using IP address 10.0.101.11.

Note: Please check with your IT manager to discuss which IP addresses can be used and reserved for the NAT 1:1 feature of the eWON. These IP addresses are not assigned by DHCP and may present an IP conflict if not confirmed with the IT department.

After you are finished inputting all of the translations you need, click Update to finish the NAT 1:1 configuration.

Next, we need to adapt the network security settings of the eWON to allow the NAT 1:1 feature. By default, access to the eWON’s WAN side is blocked when configured with a Talk2M connection. To change this default behavior, first we must navigate to Configuration > System Setup > Communication > Networking > Security.

Under WAN Protection select Allow All. Additionally, you must select the checkbox next to WAN IP Forwarding to allow traffic forwarding to the WAN (this allows devices on the LAN to communicate back to the WAN side).


The options for WAN Protection are described below:

  • Discard all traffic except for VPN and initiated traffic - the WAN port will block any incoming traffic except for traffic from the VPN or traffic that was initiated from the LAN (similar to stateful filtering).
  • Discard all traffic except for VPN and initiated traffic and ICMP - similar to above, except ping is now allowed to the WAN IP.
  • Allow all traffic on WAN connection - This is the option we selected above, and allows any traffic from the WAN to access the LAN.
  • WAN IP Forwarding - Enabling this option allows LAN traffic to access the WAN. It will now allow access from the VPN to the WAN unless routes are manually added into the routing table and an eFive appliance is used.

Select Update from the bottom of the page to apply the settings. Finally, you must reboot the eWON to finalize the changes we’ve made. You can find a reboot option under Configuration > System Setup > General > General > Reboot.

Please let us know if you run into any issues going through the steps above!

Is 10 the maximum number of routes? Is there a module that will allow me to do more than 10 routes?

Thanks

Hello Ricardo,

10 is the max number of devices for NAT1:1.
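
An added example, not part of the original thread and not eWON's own tooling: a pre-check for a planned NAT 1:1 table before it is typed into the Flexy, covering the IP-conflict note and the 10-device limit from the replies above. The subnet masks, DHCP pool, gateway address and table rows 2 and 3 are constructed assumptions; only the 192.168.0.115 to 10.0.101.11 mapping comes from the thread.

```python
import ipaddress

MAX_NAT_ENTRIES = 10  # NAT 1:1 device limit stated in the thread

def check_nat_table(entries, lan_net, wan_net, dhcp_pool, reserved=()):
    """Return a list of problems in a planned NAT 1:1 table.

    entries: [(device_ip_lan, mapped_ip_wan), ...]; dhcp_pool: (first, last)
    reserved: WAN addresses already in use (gateway, Flexy WAN IP, ...).
    """
    lan, wan = ipaddress.ip_network(lan_net), ipaddress.ip_network(wan_net)
    pool_lo, pool_hi = (ipaddress.ip_address(a) for a in dhcp_pool)
    taken = {ipaddress.ip_address(a) for a in reserved}
    problems, seen_lan, seen_wan = [], set(), set()
    if len(entries) > MAX_NAT_ENTRIES:
        problems.append(f"{len(entries)} entries exceed the limit of {MAX_NAT_ENTRIES}")
    for row, (dev, mapped) in enumerate(entries, start=1):
        dev_ip, map_ip = ipaddress.ip_address(dev), ipaddress.ip_address(mapped)
        if dev_ip not in lan:
            problems.append(f"row {row}: device {dev} is outside LAN {lan}")
        if map_ip not in wan:
            problems.append(f"row {row}: mapped {mapped} is outside WAN {wan}")
        elif map_ip in (wan.network_address, wan.broadcast_address):
            problems.append(f"row {row}: mapped {mapped} is a network/broadcast address")
        if pool_lo <= map_ip <= pool_hi:
            problems.append(f"row {row}: mapped {mapped} is inside the DHCP pool")
        if map_ip in taken:
            problems.append(f"row {row}: mapped {mapped} is already in use on the WAN")
        if dev_ip in seen_lan:
            problems.append(f"row {row}: device {dev} is mapped twice")
        if map_ip in seen_wan:
            problems.append(f"row {row}: mapped {mapped} is used twice")
        seen_lan.add(dev_ip)
        seen_wan.add(map_ip)
    return problems

# Constructed plan: row 1 is the thread's example, rows 2-3 are made up.
PLAN = [
    ("192.168.0.115", "10.0.101.11"),
    ("192.168.0.116", "10.0.101.150"),  # falls in the assumed DHCP pool
    ("192.168.0.117", "10.0.101.11"),   # reuses row 1's mapped IP
]
SITE = dict(lan_net="192.168.0.0/24", wan_net="10.0.101.0/24",   # assumed masks
            dhcp_pool=("10.0.101.100", "10.0.101.200"),          # assumed pool
            reserved=("10.0.101.1",))                            # assumed gateway

if __name__ == "__main__":
    for line in check_nat_table(PLAN, **SITE) or ["plan is clean"]:
        print(line)
```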