Users enable NAT conversion through NE80, on NE80 NAT configuration is as follows:
nat address-group gdwt 188.8.131.52 184.108.40.206 mask 255.255.255.240 slot 1
nat-policy number 1 ip 220.127.116.11 nat address-group gddx
nat-policy number 2 ip 10.10.8.38 nat address-group gdwt
rule-map wt1 ip 172.19.208.0 0.0.0.255 any
flow-action gdwt nat 2 1
eacl rzgd wt1 gdwt
eacl rzgd wt2 permit
interface g2/0/0 //In internal network ingress use access-group eacl rzgd
access-group eacl rzgd
ip route-static 18.104.22.168 255.255.255.240 NULL 0 preference 60
It is found that NE80 attached private network users can ping through external network address of NE80, but cannot ping the interface address of directly connect uplink device.
Check NAT configuration and it is not false. Private network users can ping through NE80 external network interface address through NAT conversion. NAT invalidness can be irond out. Check uplink device and it is normal. Carefully check NAT configuration and it is found that the next-hop address of nat-policy does not match actual interface address of opposite device. On the configuration it is 10.10.8.38, but actual one is 10.10.8.9. Change this address as actual interface address and it is normal.
Possible reasons are as follows:
1. NAT conversion is not valid.
2. The uplink device has no roundtrip route.
3. NAT parameter configuration is false.