
After NAT is enabled on the R3680E, hosts on the Internet cannot communicate with the R3680E

Publication Date: 2012-07-27
Issue Description
1) No address on the Internet can communicate with the Internet-facing address of the R3680E. NAT is enabled on the outbound interface that faces the Internet.

2) Collecting the configuration shows that the ACL is wrong: the rules defined in the ACL include permit any.


Alarm Information
Networking: internal network ---- firewall ---- R3680E ---- Internet

No address on the Internet can communicate with the Internet-facing address of the R3680E. NAT is enabled on the outbound interface that faces the Internet.


Handling Process
Delete the permit any rule from the ACL, permit translation only for the specific private network addresses, deny any other unwanted network segments, and apply the rule again. The problem is solved.

Root Cause
The router uses one interface address as the NAT address. When an Internet host communicates with that translated interface address, the NAT interface receives the ICMP echo request, but because of the ACL definition the ICMP echo reply creates a NAT entry. When NAT translates ICMP, it maps the packet by identifier and port, so the identifier in the translated echo reply differs from the one in the echo request, and the NAT interface address cannot be reached.
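
The root cause above as a simplified Python model. This is an added example, not Huawei code or the R3680E's NAT implementation. The addresses, the identifier pool and all names are constructed for illustration.

```python
import ipaddress
from itertools import count

class NatOutbound:
    """Simplified source NAT on the Internet-facing interface (illustrative model)."""
    def __init__(self, public_ip, acl_permit_sources):
        self.public_ip = public_ip
        self.permitted = [ipaddress.ip_network(n) for n in acl_permit_sources]
        self.next_id = count(0x3000)   # constructed pool of translated ICMP identifiers
        self.sessions = {}             # (source address, ICMP id) -> translated ICMP id

    def acl_permits(self, src_ip):
        return any(ipaddress.ip_address(src_ip) in n for n in self.permitted)

    def send(self, pkt):
        """Apply outbound NAT to a packet leaving the interface."""
        if not self.acl_permits(pkt["src"]):
            return dict(pkt)           # no ACL match: packet leaves untranslated
        key = (pkt["src"], pkt["id"])
        if key not in self.sessions:
            self.sessions[key] = next(self.next_id)   # a new NAT entry is created
        return dict(pkt, src=self.public_ip, id=self.sessions[key])

def ping_router(nat, host_ip="198.51.100.7", echo_id=0x1234):
    """An Internet host pings the router's public address.
    Returns True if the host would accept the echo reply."""
    # The router answers locally, copying the identifier from the echo request.
    reply = {"type": "echo-reply", "src": nat.public_ip, "dst": host_ip, "id": echo_id}
    on_wire = nat.send(reply)
    # The host matches replies to requests by identifier.
    return on_wire["id"] == echo_id

PUBLIC = "203.0.113.1"                               # constructed public address
broken = NatOutbound(PUBLIC, ["0.0.0.0/0"])          # ACL containing permit any
fixed = NatOutbound(PUBLIC, ["192.168.1.0/24"])      # only the private segment is permitted

if __name__ == "__main__":
    print("permit any     -> reply accepted:", ping_router(broken))
    print("specific rule  -> reply accepted:", ping_router(fixed))
    inside = {"type": "echo", "src": "192.168.1.10", "dst": "198.51.100.7", "id": 7}
    print("inside host still translated:", fixed.send(inside)["src"] == PUBLIC)
```

With permit any, the router's own echo reply matches the ACL and leaves with a new identifier, so the pinging host discards it. With the narrowed ACL the reply bypasses NAT while private hosts are still translated.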
