https://community.cisco.com/t5/network-security/ftd-nat-question/m-p/4794070#M1098661 <P><a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/445131">@benolyndav</a> hard to tell, do the users come from the same source network and therefore match the exact same rule?</P> <P>Best thing to do is run packet-tracer from the CLI, this would confirm which NAT rule traffic is or is not matching - example "packet-tracer input INSIDE tcp 192.168.10.1 3000 8.8.8.8 80". It would also confirm if the problem is related to NAT and ACP issue or something else.</P> Tue, 14 Mar 2023 21:15:52 GMT Rob Ingram 2023-03-14T21:15:52Z https://community.cisco.com/t5/network-security/ftd-nat-question/m-p/4794060#M1098660 <P>Hi</P><P>I Was recently looking into an issue with users unable to connect o an external site and I noticed that the translate hits for the nat rule associated with this access rule werent incrementing I disabled the rule and then re enabled and it sorted it users were able to get to the destination again and the nat translate counters were once again incrementing, Im now looking at another issue which involves another nat rule where users arent able to get to an external site and again the translate counters arent incrementing but the strange thing is 99% of users are getting to the site could this be some sort of bug.??</P><P>Thanks</P> Tue, 14 Mar 2023 21:08:37 GMT https://community.cisco.com/t5/network-security/ftd-nat-question/m-p/4794060#M1098660 benolyndav 2023-03-14T21:08:37Z https://community.cisco.com/t5/network-security/ftd-nat-question/m-p/4794070#M1098661 <P><a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/445131">@benolyndav</a> hard to tell, do the users come from the same source network and therefore match the exact same rule?</P> <P>Best thing to do is run packet-tracer from the CLI, this would confirm which NAT rule traffic is or is not matching - example "packet-tracer input INSIDE tcp 192.168.10.1 3000 8.8.8.8 80". It would also confirm if the problem is related to NAT and ACP issue or something else.</P> Tue, 14 Mar 2023 21:15:52 GMT https://community.cisco.com/t5/network-security/ftd-nat-question/m-p/4794070#M1098661 Rob Ingram 2023-03-14T21:15:52Z https://community.cisco.com/t5/network-security/ftd-nat-question/m-p/4794079#M1098664 <P>Hi<BR />Yes I have ran the packet tracers and its stipulates the correct nat rule, the users that are having issues do tend to be sourced from the same network but&nbsp; the funny thing is not all users from this source subnet are having the issue.? Im wondering if its possible that some translations are stuck and not clearing automatically.?</P> Tue, 14 Mar 2023 21:34:48 GMT https://community.cisco.com/t5/network-security/ftd-nat-question/m-p/4794079#M1098664 benolyndav 2023-03-14T21:34:48Z https://community.cisco.com/t5/network-security/ftd-nat-question/m-p/4794086#M1098666 <P><a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/445131">@benolyndav</a>&nbsp;nat exhaustion perhaps?</P> <P>What version are you running, have you checked for bugs?</P> Tue, 14 Mar 2023 21:41:13 GMT https://community.cisco.com/t5/network-security/ftd-nat-question/m-p/4794086#M1098666 Rob Ingram 2023-03-14T21:41:13Z https://community.cisco.com/t5/network-security/ftd-nat-question/m-p/4794104#M1098668 <P>Hi</P><P>Version 7.01<BR />I have had a look at the bugs and dont see anything relating to this, whats the best way to manually check for nat exhaustion ??</P><P><BR /><BR />Thanks</P> Tue, 14 Mar 2023 22:10:57 GMT https://community.cisco.com/t5/network-security/ftd-nat-question/m-p/4794104#M1098668 benolyndav 2023-03-14T22:10:57Z https://community.cisco.com/t5/network-security/ftd-nat-question/m-p/4794144#M1098670 <P>did your FTD connect to dual ISP ?</P> Wed, 15 Mar 2023 00:41:59 GMT https://community.cisco.com/t5/network-security/ftd-nat-question/m-p/4794144#M1098670 MHM Cisco World 2023-03-15T00:41:59Z https://community.cisco.com/t5/network-security/ftd-nat-question/m-p/4794254#M1098677 <P>Hi</P><P>No single</P> Wed, 15 Mar 2023 07:32:23 GMT https://community.cisco.com/t5/network-security/ftd-nat-question/m-p/4794254#M1098677 benolyndav 2023-03-15T07:32:23Z