markscott_wg
New Member
March 16, 2018
Question

Strange VIP /NAT issue


We have a customer who is migrating their internet connectivity to a new speed and provider. WAN2 has the legacy internet connection and WAN1 has the new internet connection.

I am attempting to migrate the VIP and rules to the new connection. Although I have created a new VIP and rule to map RDP to port 52002, it does not work on the new connection, even though it works on the old connection and IP. I have ensured the new IP is correct and that the internal IPs are also correct.

Another server on port 52000 works as expected, so I am at a loss to explain this.

    1 reply

    emnoc
    New Member
    March 16, 2018

    The CLI cmd diag debug flow is your friend, but it sounds like routing and failures with the uRPF lookup. I bet the old default route is pointed thru WAN1. If the VIP is attached to WAN2 and you have an RPF lookup failure, the firewall will drop the packet due to RPF checks.

    If you want to confirm, place a /32 host route thru WAN2 to the source of your tester IPv4 address.


    Ken
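
The reverse-path check described in the reply above, as an added example that is not part of the original thread: a simplified Python model (not the firewall's own implementation) of why a packet arriving on WAN2 is dropped when the only route back to its source points out WAN1, and why a /32 host route through WAN2 lets it pass. The interface roles follow the reply; the tester address 203.0.113.50, the internal subnet and all function names are assumptions.

```python
import ipaddress

def rpf_check(routes, src_ip, ingress_if, strict=False):
    """Return True if a packet from src_ip arriving on ingress_if passes RPF.

    routes: list of (prefix, egress_interface) for the active routing table.
    Feasible-path mode (default): some active route covering the source
    must point out the ingress interface.
    Strict mode: the longest-prefix (best) route must point out it.
    """
    src = ipaddress.ip_address(src_ip)
    matches = [(ipaddress.ip_network(prefix), ifc)
               for prefix, ifc in routes
               if src in ipaddress.ip_network(prefix)]
    if not matches:
        return False  # no route back to the source at all
    if strict:
        best = max(matches, key=lambda m: m[0].prefixlen)
        return best[1] == ingress_if
    return any(ifc == ingress_if for _, ifc in matches)

# Constructed sample data (assumptions, not taken from the thread).
TESTER = "203.0.113.50"               # external test client
ROUTES_BEFORE = [
    ("0.0.0.0/0", "WAN1"),            # only active default route
    ("192.168.1.0/24", "internal"),   # hypothetical LAN behind the VIP
]
# The confirmation step from the reply: a host route to the tester via WAN2.
ROUTES_AFTER = ROUTES_BEFORE + [(TESTER + "/32", "WAN2")]

def summarize():
    """RPF verdicts for the tester hitting the VIP on WAN2, before and after."""
    return {
        "before": rpf_check(ROUTES_BEFORE, TESTER, "WAN2"),
        "after": rpf_check(ROUTES_AFTER, TESTER, "WAN2"),
        "after_strict": rpf_check(ROUTES_AFTER, TESTER, "WAN2", strict=True),
    }

if __name__ == "__main__":
    for name, passed in summarize().items():
        print(name, "pass" if passed else "drop (RPF failure)")
```

The host route only admits the single tester address; any other source arriving on WAN2 still fails the check until a route covering it points out that interface.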

    rwpatterson
    New Member
    March 16, 2018

    The VIP definition asks for an external port. Make sure you change that in the VIP definition. It will only work on one outward-facing interface, not both.