NE20E Sends NAT Log Packets with the Source Addresses Being 0.0.0.0 to the XLOG Server

Publication Date:  2012-07-27 Views:  140 Downloads:  0
Issue Description
 NE20E---XLOG server
As shown in the networking diagram, an NE20E is connected to an XLOG server. The NE20E sends NAT log packets to the XLOG server.
The XLOG server, however, cannot receive the NAT log packets sent by the NE20E. 
 
Alarm Information
 Null 
Handling Process
 1. Before enabling the NAT log function, run the display fib command to check whether the NE20E has a route to the XLOG server. If the route exists, run the firewall session log-type binary host host-address host-port command.
2. If the NAT log function is enabled on the NE20E before the NE20E learns the route to the XLOG server, the source address of each NAT log packet will be 0.0.0.0. To resolve this problem, disable the NAT log function, check that the NE20E has a route to the XLOG server, and then enable the NAT log function. 
 
Root Cause
 Analysis on captured packets shows that the source IP addresses of the NAT log packets sent by the NE20E to the XLOG server are 0.0.0.0, but the XLOG server cannot receive packets with the source addresses being 0.0.0.0. After the NAT log function is enabled on the NE20E, the NE20E searches for routes to the XLOG server at the software side. If a route is found, the NE20E sends the IP address of the outbound interface as the source address to the NP. If no route is found, the NE20E sends 0.0.0.0 as the source address to the NP. The internal process causes the NE20E to send log packets with the source addresses being 0.0.0.0 to the XLOG server. 
Suggestions
 Null 

END