ASA NAT Bug

Published: 2020-05-03 06:29:18 Author: weidabao123
Source: Internet Views: 471

CSCun95075 - ASA drops packet due to nat-no-xlate-to-pat-pool after removing NAT rule

 

Symptom:
Once a twice NAT rule with a service translation is added, other traffic on the interface may also be dropped with a reason of nat-no-xlate-to-pat-pool. This is expected behavior and more details can be found here:

http://www.cisco.com/c/en/us/td/docs/security/asa/asa91/configuration/firewall/asa_91_firewall_config/access_fwaaa.html#wp1331733

However, if the NAT rule references an object-group and that object-group is changed while the NAT rule is still configured, traffic may still be dropped even after removing the NAT rule.

Conditions:
All of the following conditions must be matched to see this issue:

1) The ASA is configured with a twice NAT rule that uses a service translation
2) The object-group referenced in the NAT rule is edited (i.e. a new network-object is added to it) while the NAT rule is still configured
3) The NAT rule is removed from the configuration

Workaround:
Reloading the ASA after the offending NAT rule is removed will resolve the issue.

 

Bug Fixed in release : 9.1.5(1) or 9.1.2(100)

Regards

Karthik
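
An added example (not part of the original post and not Cisco tooling): a pre-change check for the conditions above. It lists twice NAT rules that use a service translation and flags planned object-group edits that touch a group such a rule still references. The configuration excerpt, change request and function names are constructed for illustration.

```python
import re

# Constructed running-config excerpt for illustration (not from the page).
SAMPLE_CONFIG = """\
object-group network INSIDE-NETS
 network-object 10.1.1.0 255.255.255.0
object-group network DMZ-NETS
 network-object 172.16.0.0 255.255.0.0
object service SVC-8080
 service tcp source eq 8080
object service SVC-80
 service tcp source eq www
nat (inside,outside) source static INSIDE-NETS INSIDE-NETS service SVC-8080 SVC-80
nat (inside,outside) source dynamic any interface
nat (dmz,outside) source dynamic DMZ-NETS interface
"""

# Constructed change request: each block edits one object-group.
PLANNED_CHANGE = """\
object-group network INSIDE-NETS
 network-object 10.1.3.0 255.255.255.0
object-group network DMZ-NETS
 network-object 172.17.0.0 255.255.0.0
"""

GROUP_RE = re.compile(r"^object-group network (\S+)", re.M)


def service_nat_rules(config_text):
    """Map twice NAT rules with a service translation to their object-groups."""
    groups = set(GROUP_RE.findall(config_text))
    rules = {}
    for line in config_text.splitlines():
        tokens = line.split()
        # Twice NAT is an unindented "nat ... source ..." line (condition 1).
        if line.startswith("nat ") and "source" in tokens and "service" in tokens:
            rules[line] = sorted(t for t in set(tokens) if t in groups)
    return rules


def risky_group_edits(config_text, change_text):
    """Groups the change edits while a service NAT rule still uses them."""
    referenced = {g for gs in service_nat_rules(config_text).values() for g in gs}
    return sorted(set(GROUP_RE.findall(change_text)) & referenced)


if __name__ == "__main__":
    print(risky_group_edits(SAMPLE_CONFIG, PLANNED_CHANGE))
```

On a release without the fix, a non-empty result means the edit matches condition 2, so a later removal of that NAT rule may leave the drops in place until a reload.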

