[rbak-nsp] Some problems with NAT enhanced in SE600
Dmitry
dmitry at zhigulinet.ru
Mon Nov 7 04:58:54 EST 2016
and show problem subsriber
show subscriber active username test_user
On 07.11.2016 11:12, Соловьёв Роман Анатольевич wrote:
>
> Here is my NAT config
>
> local]Redback#sh configuration nat
>
> Building configuration...
>
> Current configuration:
> !
> context local
> !
> nat logging-profile NAT_LOG_RUBTSOVSK
> export-version v9
> destination 192.168.0.40 port 9996
> !
> context local
> !
> ip nat pool NAPT-pool-1 napt paired-mode
> paired-mode subscriber over-subscription 10 port-limit 6000
> address 41.215.233.161 to 41.215.233.190
> exclude well-known
> !
> context local
> !
> policy access-list NAT-acl
> seq 10 permit ip 192.168.128.0 0.0.127.255 any class NATclass1
> seq 20 permit ip any any class NO_NAT
> !
> *nat policy NAT-1 enhanced*
> connections tcp maximum 2000
> connections udp maximum 2000
> connections icmp maximum 30
> ! Default class
> ignore
> timeout tcp 1800
> timeout udp 60
> timeout fin-reset 60
> timeout icmp 30
> timeout syn 60
> timeout basic 300
> timeout abandoned 1800
> admission-control tcp
> admission-control udp
> admission-control icmp
> *endpoint-independent filtering tcp*
> *endpoint-independent filtering udp*
> inbound-refresh udp
> icmp-notification
> ! Named classes
> access-group NAT-acl
> class NATclass1
> pool NAPT-pool-1 local
> timeout tcp 18000
> timeout udp 60
> timeout fin-reset 60
> timeout icmp 30
> timeout syn 60
> timeout abandoned 1800
> *endpoint-independent filtering tcp*
> *endpoint-independent filtering udp*
> inbound-refresh udp
> icmp-notification
> class NO_NAT
> ignore
> inbound-refresh udp
> icmp-notification
> !
> end
>
> With such config we have problem with Skype - no connection - even
> test connection!
> problem with online games such as steam, Dota and etc...
> With public IP (no NAT) everything is ok - Skype. games and so on....
> What I have forgotten?
> ------------------------------------------------
> С уважением Соловьёв Роман
> Технический директор
> ООО "СерДи ТелеКом"
> тел. +7 87951 35529
> +7 9624 335529
> Сайт компании
> www.serdi.ru
>
>
> _______________________________________________
> redback-nsp mailing list
> redback-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/redback-nsp
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/redback-nsp/attachments/20161107/0c5bf77b/attachment-0001.html>
More information about the redback-nsp
mailing list