[f-nsp] Outbound NAT problem

George B. georgeb at gmail.com
Fri Feb 3 22:06:45 EST 2012


David, there have been SEVERAL NAT fixes looking at the release notes
for 10.2.x.  I would upgrade anyway.  Also, there may be other fixes
in the code that doesn't specifically address a customer reported
bug.  Going to the latest 10.2 might not be a bad thing.



On Fri, Feb 3, 2012 at 6:52 PM, David Miller <dmiller at metheus.org> wrote:
>
> On Feb 3, 2012, at 9:27 PM, George B. wrote:
>
>> Also there was another feature added in 10.2.0i
>>
>> "Module: WSM6, WSM7, WSM6-SSL, SI-4G and SI-4G-SSL
>> Symptom: Feature enhancement to disable client-ip based sticky
>> behavior for IP NAT. By default, a ServerIron creates a sticky session
>> based on a NAT client IP address so that all traffic from the same
>> client always uses the same IP address in the IP NAT pool. This
>> default behavior may not be desired for certain design requirements.
>> Resolution: Fixed in Release 10.2.01i.
>> The following new global config-level command has been added starting
>> with this release.
>> ServerIron(config)#ip nat disable-sticky"
>>
>> So the ip nat disable-sticky might help you, too, if a client's NAT
>> address might be different depending on where it is going and one of
>> the destinations might overlap with a different rule.
>
>
> I have a much simpler setup than that - all the affected hosts were just trying to NAT out on a more-or-less default IP address, so this wouldn't apply.
>
> Thanks,
>
> --- David
>
>



More information about the foundry-nsp mailing list