[f-nsp] Outbound NAT problem

David Miller dmiller at metheus.org
Fri Feb 3 21:52:07 EST 2012


On Feb 3, 2012, at 9:27 PM, George B. wrote:

> Also there was another feature added in 10.2.0i
> 
> "Module: WSM6, WSM7, WSM6-SSL, SI-4G and SI-4G-SSL
> Symptom: Feature enhancement to disable client-ip based sticky
> behavior for IP NAT. By default, a ServerIron creates a sticky session
> based on a NAT client IP address so that all traffic from the same
> client always uses the same IP address in the IP NAT pool. This
> default behavior may not be desired for certain design requirements.
> Resolution: Fixed in Release 10.2.01i.
> The following new global config-level command has been added starting
> with this release.
> ServerIron(config)#ip nat disable-sticky"
> 
> So the ip nat disable-sticky might help you, too, if a client's NAT
> address might be different depending on where it is going and one of
> the destinations might overlap with a different rule.


I have a much simpler setup than that - all the affected hosts were just trying to NAT out on a more-or-less default IP address, so this wouldn't apply.

Thanks,

--- David






More information about the foundry-nsp mailing list