Using vSZ behind NAT routers

  • 2
  • Question
  • Updated 3 months ago
I'm about to deploy a vSZ-H in a DMZ between two firewalls, so that both APs from the internal network and from the Internet can connect to the vSZ. The network looks like this:

   Internal network
(some Ruckus APs are here)
|
+---------+---------+
| Internal firewall |
+---------+---------+
| \
+-----+ | |
| vSZ +---+ }- DMZ network
+-----+ | |
| /
+---------+---------+
| External firewall |
+---------+---------+
|
Internet
(some Ruckus APs
connect from here)

All three networks use different IPv4 address ranges, and the two firewalls perform NAT with PAT. (I can't do much about this, unfortunately.) Consequently, APs from the internal network will reach the vSZ using address A, APs connected over the Internet will use address C, and the vSZ itself has address B configured for their control interface. The firewalls will rewrite the destination address in both cases.

Will this work with vSZ-H out of the box? I'm asking because there is a Control NAT IP option in the setup routine which should be used for the "the public IP address of the NAT server on the network."

So, basically the question is: Does the vSZ communicate the configured control IP address in any of the upper layer protocols to the APs? (...which could make the above outlined setup unlikely to work)
Photo of Christoph

Christoph

  • 2 Posts
  • 0 Reply Likes

Posted 3 months ago

  • 2

Be the first to post a reply!