Video Transcription

Source network address translation, or SNAT, is disabled by default in CloudConnexa, and it can be helpful to keep it disabled for audit purposes or scenarios or solutions such as voice over IP that may not work correctly with SNAT, but source network address translation or SNAT can be helpful in remote access scenarios to simplify routing configuration on a remote site. SNAT modifies the source IP address of outgoing packets. When SNAT is enabled, the source IP address of all inbound traffic from CloudConnexa will be set to the gateway IP address.

The incoming traffic is translated to the last-hop gateway's address. This happens before the traffic reaches the actual client or connector. By doing this, you avoid the need to set up specific routes on the connector for all possible source IP address ranges of incoming traffic. So SNAT helps streamline the process and ensures that incoming traffic is properly routed without complex configuration. It can help to hide internal IP addresses, control traffic flow, and improve security. One more important note I want to make here is that SNAT is helpful in site-to-site configurations where you don't want to configure a backward route. And again, you can enable SNAT in CloudConnexa or you can configure it directly in the network connector.

If you look at this diagram, we can see our remote workers here would each have their own IP addresses when they connect to CloudConnexa. And our resources are sitting on AWS. So when these remote workers connect to our resources and if we scan the network, we can see their local IP address or the CloudConnexa local IP address. But when we enable SNAT on CloudConnexa, each remote worker, when they connect to CloudConnexa, the IP address that we're gonna see on the other side is gonna be the gateway IP address, which in our case is gonna be 100.96.1.17. So again, some benefits of enabling SNAT. First of all, hides internal IP addresses, making it difficult for external entities to map the network.

So let's look at SNAT in action. So as you can see, I'm logged into my admin user interface of our CloudConnexa. If I expand settings and go to WPC, you can see SNAT is disabled. This is by default. So what we're gonna do, we're gonna connect as a remote user to our resources, one of the resources in our destination or network, and run a network analyzer on our destination as well, on our connector to see what happens. So first, let's go ahead and connect.

Tara is one of our users and I'm gonna go ahead, connect with her and here we go. Then I'm connected to my connector here on our destination, which is our AWS. This is where our resources are. First thing, let's do an IP address to see what happens. So if I look at here, our tun1, this is where we're looking at, our IP address is 100.96.1.18, and this subnet /28. So this is what we have here. Now, if you look at the Connect app, the local private IP address of Tara's machine at this time is 100.96.1.51. So if I run a network analyzer or traffic analyzer on port 80, let's see what happens. So this is what I'm gonna do. I'm gonna put both screens side to side so we can see. So port 80, let's go ahead and listen on here. Oops, let me change my tunnel here. Here we go. So we're gonna listen on port 80 and then we have an app on our destination, timecard. I'm gonna access that app. Here we go. And here we can see the IP address of our source. It shows 100.96.1.51, which is our client's private IP address. This is where SNAT is disabled.

Now let's go back and enable SNAT and see what happens. So I'm gonna go back to my CloudConnexa admin user interface and let's just stop listening on this port. Here we go. And then we're gonna enable SNAT. So let's go ahead. Click on edit, enable, update, and confirm. So our SNAT is enabled. If you look at the Connect app, we can see Tara is still connected. The private IP address, here we go, is the same, 100.96.1.51. Let's go ahead and listen on that port 80 again on our connector. And we're just gonna go refresh this page. And now if you look at it, we can see that the source IP address shows 100.96.1.17, which is our gateway. If you remember, when we look at the IP address of our tun1 here it was, this was our IP address for the subnet. Okay, this was a quick introduction on source network address translation, or SNAT.

Just to summarize, SNAT is helpful in remote access scenarios to simplify routing configuration on a remote site. But at the same time, it can be helpful to disable it for auditing purposes or for scenarios or solutions such as voice over IP that may not work correctly with SNAT. Remember, source network address translation or SNAT modifies the source IP address of outgoing packets. Hope you enjoy this. We'll see you on the next video. Thank you very much.
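
The behaviour shown in the demo, as an added example that is not part of the video or of CloudConnexa's own code: a small Python model of a gateway that rewrites the source address, restores it on replies, and shows why a resource's log alone cannot attribute traffic once SNAT is on. The resource address 10.0.0.20, the port numbers, and the class and method names are assumptions; the client and gateway addresses are the ones from the demo.

```python
from dataclasses import dataclass, field

GATEWAY_IP = "100.96.1.17"  # gateway address seen in the demo

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

@dataclass
class SnatGateway:
    enabled: bool = False
    next_port: int = 40000  # assumed start of the translated port range
    # (translated port, dst, dport) -> (original src, original sport)
    table: dict = field(default_factory=dict)

    def outbound(self, pkt: Packet) -> Packet:
        """Forward toward the resource; rewrite the source when SNAT is on."""
        if not self.enabled:
            return pkt
        port, self.next_port = self.next_port, self.next_port + 1
        self.table[(port, pkt.dst, pkt.dport)] = (pkt.src, pkt.sport)
        return Packet(GATEWAY_IP, port, pkt.dst, pkt.dport)

    def reply(self, pkt: Packet):
        """Undo the translation on a reply; None means no mapping (drop)."""
        if not self.enabled:
            return pkt
        orig = self.table.get((pkt.dport, pkt.src, pkt.sport))
        return Packet(pkt.src, pkt.sport, *orig) if orig else None

    def attribute(self, seen: Packet):
        """Resolve the source a resource logged back to the real client IP."""
        if seen.src != GATEWAY_IP:
            return seen.src
        orig = self.table.get((seen.sport, seen.dst, seen.dport))
        return orig[0] if orig else None

def demo():
    # Constructed flow: client IP is from the demo, resource IP and ports are made up.
    flow = Packet("100.96.1.51", 51514, "10.0.0.20", 80)
    gw = SnatGateway(enabled=True)
    logged_off = SnatGateway(enabled=False).outbound(flow).src
    seen = gw.outbound(flow)
    back = gw.reply(Packet(seen.dst, seen.dport, seen.src, seen.sport))
    return logged_off, seen.src, gw.attribute(seen), back.dst

if __name__ == "__main__":
    print(demo())
```

With SNAT on, the resource side records only the gateway address, so per-user attribution depends on the translation records kept at the gateway, which is the audit trade-off the transcript mentions.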