Destination NAT issue or routing change

Reply
Highlighted
L3 Networker

Destination NAT issue or routing change

Hi All,

 

I have had a destination nat running for months without issue.

 

NAT: Source VPN Interface to Inside Interface: Destination Address: 192.168.90.231 Destination Translation: 10.0.8.82

 

Rule: Source VPN to Inside : Source IP to 192.168.90.231

 

It has been working for months without issue.

 

Suddenly last night, the traffic to 192.168.90.231 starts routing to the outside interface and NAT stops working as traffic isn't heading that way. No changes were made on the system, it's not in the BGP routing table. As there is no rule for this it hits default deny. I have checked that the destination real address is routable and it is.

 

This is the only path that is failing. Any idea's?

 

Regards

 

Adrian


Accepted Solutions
Highlighted
L3 Networker

That range was only ever used as an IP range for receiving traffic on the firewall to translate to a real IP on the network. Not sure why it occurred, we think it must have existed somewhere on the internal network and we were lucky before that it worked.

 

I added a static NAT and that resolved the issue.

 

Regards

 

Adrian

View solution in original post


All Replies
L6 Presenter

@a.jones,

 

I think, there are some changes happened w.r.t. routing for IP 192.168.90.231 and due which traffic is routed outside interface. You can also verify your device FIB to see active routes. Also verify same using test commands through cli.

 

Mayur



Mayur
Highlighted
L3 Networker

That range was only ever used as an IP range for receiving traffic on the firewall to translate to a real IP on the network. Not sure why it occurred, we think it must have existed somewhere on the internal network and we were lucky before that it worked.

 

I added a static NAT and that resolved the issue.

 

Regards

 

Adrian

View solution in original post

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!