hfarias
New Member
October 6, 2021
Question

Static destination NAT problem


Hi people, I'm trying to implement a destination NAT policy without success.

I'm using a VIP config and a policy allowing incoming traffic, but the traffic is always blocked with a threat 131072 message.

 

 

DIAGRAM:

MESSAGE LOG:

 

policy config:

config firewall policy
edit 6
set uuid ee869f6e-1763-51ec-2c06-3af0cdd4d970
set srcintf "any"
set dstintf "any"
set srcaddr "all"
set dstaddr "NAT-IPERF-PUBLIC" "NAT-IPERF-PRIVATE"
set action accept
set schedule "always"
set service "ALL"
set logtraffic all
set capture-packet enable
next

 

vip config:

 

config firewall vip
edit "NAT-IPERF-1"
set uuid 86f995e6-17e9-51ec-e2cf-6bb4e9b41359
set comment "156.245.0.7 --> 10.1.10.17"
set extip 156.245.0.7
set extintf "any"
set mappedip "10.1.10.17"
next
end

 

    1 reply

    ac1
    Explorer III
    October 7, 2021

    Hi, the destination address must be "NAT-IPERF-1":

     

    policy config:
    config firewall policy
    edit 6
    set uuid ee869f6e-1763-51ec-2c06-3af0cdd4d970
    set srcintf "any"
    set dstintf "any"
    set srcaddr "all"
    set dstaddr "NAT-IPERF-1"
    set action accept
    set schedule "always"
    set service "ALL"
    set logtraffic all
    set capture-packet enable
    next

     

    emnoc
    New Member
    October 7, 2021

    Agreed, "NAT-IPERF-1". Also, if you looked at the log you would have seen you did not match any policy, hence policy id 0.

     

     

    "diag debug flow" is your friend

     

    Ken Felix

     

    hfarias
    Author
    New Member
    November 4, 2021

    Thanks to all! Yes, adding the NAT policy to the IPv4 security policy solved the issue!

     

    Thanks very much!
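
A static check for the mismatch this thread resolves, as an added example that is not part of the original posts or of Fortinet tooling: it parses FortiOS-style `config`/`edit`/`set` text and lists VIP objects that no accept policy names in `dstaddr`. The function names are hypothetical, the sample config is constructed from the thread's snippets (UUIDs and some settings omitted), and VIP groups and nested `config` blocks are not handled.

```python
import shlex

def parse_fortios(text):
    """Parse flat config/edit/set/next/end text into {path: {entry: {key: [values]}}}."""
    tables, path, entry = {}, None, None
    for raw in text.splitlines():
        tok = shlex.split(raw)          # honours the double-quoted object names
        if not tok:
            continue
        if tok[0] == "config":
            path = " ".join(tok[1:])
            tables.setdefault(path, {})
        elif tok[0] == "edit" and path:
            entry = tables[path].setdefault(tok[1], {})
        elif tok[0] == "set" and entry is not None:
            entry[tok[1]] = tok[2:]     # multi-value settings such as dstaddr
        elif tok[0] == "next":
            entry = None
        elif tok[0] == "end":
            path = entry = None
    return tables

def unreferenced_vips(text):
    """Return VIP names that no accept policy lists in dstaddr."""
    t = parse_fortios(text)
    used = set()
    for pol in t.get("firewall policy", {}).values():
        if pol.get("action") == ["accept"]:
            used.update(pol.get("dstaddr", []))
    return sorted(set(t.get("firewall vip", {})) - used)

# Sample input constructed from the configuration posted in the thread.
VIP = '''config firewall vip
edit "NAT-IPERF-1"
set extip 156.245.0.7
set mappedip "10.1.10.17"
next
end
'''
POLICY = '''config firewall policy
edit 6
set srcaddr "all"
set dstaddr {dst}
set action accept
next
end
'''
BEFORE = VIP + POLICY.format(dst='"NAT-IPERF-PUBLIC" "NAT-IPERF-PRIVATE"')
AFTER = VIP + POLICY.format(dst='"NAT-IPERF-1"')
```

`unreferenced_vips(BEFORE)` reports the VIP that policy 6 never named, and `unreferenced_vips(AFTER)` is empty once `dstaddr` is set to the VIP object.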