This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Enhanced Security Measures in Place:   To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.

Destination NAT issue or routing change

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Destination NAT issue or routing change

Go to solution
a.jones
L3 Networker

‎07-02-2020 06:50 AM

Hi All,

 

I have had a destination nat running for months without issue.

 

NAT: Source VPN Interface to Inside Interface: Destination Address: 192.168.90.231 Destination Translation: 10.0.8.82

 

Rule: Source VPN to Inside : Source IP to 192.168.90.231

 

It has been working for months without issue.

 

Suddenly last night, the traffic to 192.168.90.231 starts routing to the outside interface and NAT stops working as traffic isn't heading that way. No changes were made on the system, it's not in the BGP routing table. As there is no rule for this it hits default deny. I have checked that the destination real address is routable and it is.

 

This is the only path that is failing. Any idea's?

 

Regards

 

Adrian

0 Likes Likes
1 accepted solution

Accepted Solutions

Go to solution
a.jones
L3 Networker
In response to SutareMayur

‎07-16-2020 05:00 AM

That range was only ever used as an IP range for receiving traffic on the firewall to translate to a real IP on the network. Not sure why it occurred, we think it must have existed somewhere on the internal network and we were lucky before that it worked.

 

I added a static NAT and that resolved the issue.

 

Regards

 

Adrian

View solution in original post

0 Likes Likes
2 REPLIES 2

Go to solution
SutareMayur
L6 Presenter

‎07-03-2020 04:46 AM

@a.jones,

 

I think, there are some changes happened w.r.t. routing for IP 192.168.90.231 and due which traffic is routed outside interface. You can also verify your device FIB to see active routes. Also verify same using test commands through cli.

 

Mayur

M

Check out my YouTube channel - https://www.youtube.com/@NetworkTalks
0 Likes Likes

Go to solution
a.jones
L3 Networker
In response to SutareMayur

‎07-16-2020 05:00 AM

That range was only ever used as an IP range for receiving traffic on the firewall to translate to a real IP on the network. Not sure why it occurred, we think it must have existed somewhere on the internal network and we were lucky before that it worked.

 

I added a static NAT and that resolved the issue.

 

Regards

 

Adrian

0 Likes Likes
  • 1 accepted solution
  • 2496 Views
  • 2 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks