We are seeing the traffic for the new subnet we added recently are coming as incomplete and need some help to troubleshoot this.
Solved! Go to Solution.
By mistake clicked on me too.
Have you tried assigning that IP address you are using for source NAT on any interface like a secondary ip just for troubleshooting purposes and then try pinging to the next hop using that natted ip address as a source.
Also try sending a G-arp packet after the same to see the resluts
The above step is just to see that Ip has a back and forth reachability from the internet or not
as if that ip itself is not rechable as a source to the next hop the host machines will never be able to reach to the internel using that as a natted source ip address
Also please let me know are you using single VR or 2 virtual routers.
Ok PCAP from the client affected subnet shows only syn packets. Palo Alto PCAP shows syn, syn-ack from the server and that is it.
Another subnet successfully using Internet . Below screen shot:
Subnet 10.94.156.0/24 UN-SUCCESSFUL
Subnet 10.94.159.0/24 SUCCESSFUL
Routing back to the host??
Just a quick update. Routing issue. Packet is not getting back to the affected subnet when Palo sends a syn-ack packet. Thank you all
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!