This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

No hits on source NAT

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.
Palo Alto Networks Approved
Palo Alto Networks Approved
Community Expert Verified
Community Expert Verified

No hits on source NAT

Go to solution
AtosErik
L0 Member

‎04-28-2022 12:53 PM

Really basic setup here.  I'm just trying to get a lab setup going but I'm not able to get out to the Internet.  I'm not seeing any hits on my NAT policy and therefore no hits no my security policies.  To my knowledge this is setup correctly.  I can ping the LAN/WAN interfaces just fine.

 

PA-820

10.1.0

WAN is ethernet1/1

LAN is ethernet1/2 

 

NAT-config.PNG 

Is there anything I can use to troubleshoot?  I have a box running where I can ping the DS-LAB gateway but cannot ping out to 8.8.8.8.  Session count is 0.

0 Likes Likes
1 accepted solution

Accepted Solutions

Go to solution
Adrian_Jensen
L6 Presenter

‎04-28-2022 03:02 PM

There are a few things to look at, not exactly sure how you have set everything up. But off the top of my head:

1) In the Translated Packet tab of your NAT policy, under the Source Address Translation, have you set an IP to be translated to? I see the translation type and interface, but not the address in the screen shot.

 

2) Do you have a Security Policy that allows traffic from DS-LAB to INTERNET?

 

3) Do you have a default route in your routing table for the destination out to the internet?

View solution in original post

0 Likes Likes
2 REPLIES 2

Go to solution
Adrian_Jensen
L6 Presenter

‎04-28-2022 03:02 PM

There are a few things to look at, not exactly sure how you have set everything up. But off the top of my head:

1) In the Translated Packet tab of your NAT policy, under the Source Address Translation, have you set an IP to be translated to? I see the translation type and interface, but not the address in the screen shot.

 

2) Do you have a Security Policy that allows traffic from DS-LAB to INTERNET?

 

3) Do you have a default route in your routing table for the destination out to the internet?

0 Likes Likes

Go to solution
AtosErik
L0 Member

‎04-28-2022 05:52 PM

Thanks!  It was the static route.  I forgot since the WAN was static I needed to add that manually.  I was used to using DHCP which would install the route automatically.

  • 1 accepted solution
  • 2633 Views
  • 2 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks