hfarias
New Contributor

Static destination NAT problem

Hi people, I'm trying to implement a destination NAT policy without success.

I'm using a VIP config and a policy allowing incoming traffic, but the traffic is always blocked with thread 131072 message.

 

 

DIAGRAM:

 

 

MESSAGE LOG:

 

policy config:

config firewall policy
edit 6
set uuid ee869f6e-1763-51ec-2c06-3af0cdd4d970
set srcintf "any"
set dstintf "any"
set srcaddr "all"
set dstaddr "NAT-IPERF-PUBLIC" "NAT-IPERF-PRIVATE"
set action accept
set schedule "always"
set service "ALL"
set logtraffic all
set capture-packet enable
next

 

vip config:

 

config firewall vip
edit "NAT-IPERF-1"
set uuid 86f995e6-17e9-51ec-e2cf-6bb4e9b41359
set comment "156.245.0.7 --> 10.1.10.17"
set extip 156.245.0.7
set extintf "any"
set mappedip "10.1.10.17"
next
end

 

3 REPLIES
ac1
Contributor II

Hi, the destination address must be "NAT-IPERF-1":

 

policy config:
config firewall policy
edit 6
set uuid ee869f6e-1763-51ec-2c06-3af0cdd4d970
set srcintf "any"
set dstintf "any"
set srcaddr "all"
set dstaddr "NAT-IPERF-1"
set action accept
set schedule "always"
set service "ALL"
set logtraffic all
set capture-packet enable
next

 

emnoc
Esteemed Contributor III

Agreed, "NAT-IPERF-1". Also, if you looked at the log you would have seen you did not match any policy, hence policy id 0.

 

 

"diag debug flow" is your friend

 

Ken Felix

 

PCNSE 

NSE 

StrongSwan  

hfarias
New Contributor

Thanks to all! Yes, adding the NAT policy to the IPv4 security policy solved the issue!

 

Thanks very much!
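
An offline check for the misconfiguration resolved in this thread, as an added example that is not part of any post above and is not Fortinet tooling: it parses a FortiOS-style config dump and lists, for each VIP, the accept policies whose dstaddr names it. The function names are hypothetical, the sample config is constructed from the objects posted in the thread (trimmed), and the parser assumes flat, un-nested sections and does not resolve VIP groups.

```python
import shlex

# Constructed sample: the VIP and policy 6 from the thread, trimmed.
VIP = '''config firewall vip
edit "NAT-IPERF-1"
set extip 156.245.0.7
set mappedip "10.1.10.17"
next
end
'''
POLICY = '''config firewall policy
edit 6
set srcaddr "all"
set dstaddr {dstaddr}
set action accept
next
end
'''
BEFORE = VIP + POLICY.format(dstaddr='"NAT-IPERF-PUBLIC" "NAT-IPERF-PRIVATE"')
AFTER = VIP + POLICY.format(dstaddr='"NAT-IPERF-1"')

def parse_sections(text):
    """Return {section: {entry: {key: [values]}}}; assumes flat, un-nested sections."""
    sections, section, entry = {}, None, None
    for raw in text.splitlines():
        tok = shlex.split(raw)  # handles the quoted, space-separated value lists
        if not tok:
            continue
        if tok[0] == "config":
            section = sections.setdefault(" ".join(tok[1:]), {})
        elif tok[0] == "edit" and section is not None:
            entry = section.setdefault(tok[1], {})
        elif tok[0] == "set" and entry is not None:
            entry[tok[1]] = tok[2:]
        elif tok[0] in ("next", "end"):
            entry = None
            section = None if tok[0] == "end" else section
    return sections

def audit_vips(text):
    """Map each VIP name to the ids of accept policies whose dstaddr names it."""
    cfg = parse_sections(text)
    return {vip: [pid for pid, p in cfg.get("firewall policy", {}).items()
                  if p.get("action") == ["accept"] and vip in p.get("dstaddr", [])]
            for vip in cfg.get("firewall vip", {})}

if __name__ == "__main__":
    for label, cfg in (("before", BEFORE), ("after", AFTER)):
        print(label, audit_vips(cfg))
```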

 
