topic problem with no nat after upgrade version in Network Security

problem with no nat after upgrade version

Diego Maciel Gomes — Tue, 12 Mar 2019 00:27:22 GMT

Hello Guys...

Im having problems with nat after upgrade....

source = 10.11.7.14

destination = 10.0.32.10

the next hop for 10.0.32/24 is 10.0.5.1, by inside interface. My firewall Pings this 10.0.5.1. When I change the router to doesnt pass by firewall, the connection works from source to destination, works!

In log, im receiving this message:

Nov 23 2012

15:24:54

302303

spbwts02_0303

55517

10.0.32.10

Built TCP state-bypass connection 249015 from dmz:spbwts02_0303/55517 (spbwts02_0303/55517) to inside:10.0.32.10/80 (10.0.32.10 /80)

Nov 23 2012

15:27:29

302304

spbwts02_0303

51123

10.0.32.10

Teardown TCP state-bypass connection 242785 from dmz:spbwts02_0303/51123 to inside:10.0.32.10/80 duration 1:00:10 bytes 0 Connection timeout

In 8.2 I had this NAT:

DMZ interface:

Exempt 10.0.32.0/24 10.11.7.0/24 (outbound)

I have a bypass for those networks and services. I guess I dont need bypass because the packet comes from dmz and goes to inside, right? Anyway, I removed bypass and nothing happen!

And now, in 8.4(5) I have:

DMZ Inside obj-10.11.7.0/24 obj-10.0.32.0/24 any original original

What can be my problem?

problem with no nat after upgrade version

Peter Koltl — Sun, 25 Nov 2012 20:24:17 GMT

You may have encountered the change of NAT behavior from 8.4(2). Check the "Lookup route table to locate egress interface" checkbox in your identity NAT rule. (This is the route-lookup option in CLI.)

Paste your config if that does not help.

problem with no nat after upgrade version

Diego Maciel Gomes — Mon, 26 Nov 2012 11:18:12 GMT

Hi Peter!

I changed the route for that network and worked!

But I needed to keep the bypass. I didnt understand why, because the traffic comes from DMZ and goes to INSIDE.

problem with no nat after upgrade version

Peter Koltl — Mon, 26 Nov 2012 12:13:25 GMT

Fine, but what did you change exactly?

problem with no nat after upgrade version

Diego Maciel Gomes — Mon, 26 Nov 2012 12:29:11 GMT

route, look:

Before:

route inside 10.0.32.0 255.255.255.0 10.11.5.1 1

Now and working:

route inside 10.0.32.0 255.255.255.0 10.11.2.3 1

I dont have an interface in the 10.11.5.0 network. I guess when someone configured the route, put this 10.11.5.1 as gateway, but I dont know how it was working.

Now, I changed to 10.11.2.3 and OK. My firewall has an interface in 10.11.2.0 newtork.

But the bypass is a mistery to me yet!