No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

An Incorrect Port Range Configuration of a NAT Instance on an ME60 Causes Only Some of Internal Network Users to Access the Internet

Publication Date:  2019-03-27 Views:  55 Downloads:  0

Issue Description

A client has seven public IP addresses which are used as the IP addresses in the NAT address pool. After NAT is configured, only seven IP addresses of the internal network can access the Internet after NAT is implemented.

Handling Process

1. Check NAT-related configurations. It is found that the NAT configurations performed in traffic direction mode are correct.

2. Run the dis nat user-information domain xx verbose command to confirm the faulty symptom.

dis nat user-information domain dianxin verbose 
This operation will take a few minutes. Press 'Ctrl+C' to break ...
Slot: 5 Engine: 0
Total number:  7.
  ---------------------------------------------------------------------------
  User Type                             :  NAT444
  CPE IP                                :  10.64.241.139
  User ID                               :  206482
  VPN Instance                          :  -
  Address Group                         :  ceshi
  NAT Instance                          :  ceshi
  Public IP                             :  123.164.7.230
  ---------------------------------------------------------------------------
  ---------------------------------------------------------------------------
  User Type                             :  NAT444
  CPE IP                                :  10.64.241.133
  User ID                               :  68117
  VPN Instance                          :  -
  Address Group                         :  ceshi
  NAT Instance                          :  ceshi
  Public IP                             :  123.164.7.225
  ---------------------------------------------------------------------------
  ---------------------------------------------------------------------------
  User Type                             :  NAT444
  CPE IP                                :  10.64.241.185
  User ID                               :  150941
  VPN Instance                          :  -
  Address Group                         :  ceshi
  NAT Instance                          :  ceshi
  Public IP                             :  123.164.7.226
  ---------------------------------------------------------------------------
  ---------------------------------------------------------------------------
  User Type                             :  NAT444
  CPE IP                                :  10.64.241.212
  User ID                               :  85174
  VPN Instance                          :  -
  Address Group                         :  ceshi
  NAT Instance                          :  ceshi
  Public IP                             :  123.164.7.228
  ---------------------------------------------------------------------------
  ---------------------------------------------------------------------------
  User Type                             :  NAT444
  CPE IP                                :  10.64.241.140
  User ID                               :  42220
  VPN Instance                          :  -
  Address Group                         :  ceshi
  NAT Instance                          :  ceshi
  Public IP                             :  123.164.7.229
  ---------------------------------------------------------------------------
  ---------------------------------------------------------------------------
  User Type                             :  NAT444
  CPE IP                                :  10.64.241.136
  User ID                               :  185435
  VPN Instance                          :  -
  Address Group                         :  ceshi
  NAT Instance                          :  ceshi
  Public IP                             :  123.164.7.231
  ---------------------------------------------------------------------------
  ---------------------------------------------------------------------------
  User Type                             :  NAT444
  CPE IP                                :  10.64.241.141
  User ID                               :  183959
  VPN Instance                          :  -
  Address Group                         :  ceshi
  NAT Instance                          :  ceshi
  Public IP                             :  123.164.7.227

  ---------------------------------------------------------------------------

The NAT information in the command output shows that only seven IP addresses exist and NAT does not work for lots of internal users.

3. Check the configurations. It is found that the port-range 64512 configuration exists in the NAT instance. The command description shows that a port range is pre-allocated to every private IP address and the maximum port range is 64512.

However, the configuration shows that all the ports corresponding to a public IP address are pre-allocated to one private IP address.

4. Run the undo port-range command on the NAT instance to perform dynamic allocation. All users on the internal network can properly access the Internet.


Root Cause

The incorrect port-range configuration in the NAT instance causes all the ports corresponding to a public IP address to be pre-allocated to one private IP address.

Solution

Delete the port-range configuration from the NAT instance to restore the dynamic port allocation mode.

END