Did NAT behavior change after moving from version 8.4.5 to 9.1.2? I don't see anything in the release notes that would justify it.
We have:
Code:
nat (outside,dmz_vlan) source static any any destination static server-object_SMTPserver server-object_SMTPserver service tcp_587 tcp_25 no-proxy-arp
Code:
packet-tracer input outside tcp 8.8.8.8 1 x.x.x.x 443
Phase: 1
Type: ROUTE-LOOKUP
Subtype: input
Result: ALLOW
Config:
Additional Information:
in x.x.x.x 255.255.255.0 dmz_vlan
Phase: 2
Type: ROUTE-LOOKUP
Subtype: input
Result: ALLOW
Config:
Additional Information:
in 0.0.0.0 0.0.0.0 outside
Result:
input-interface: outside
input-status: up
input-line-status: up
output-interface: dmz_vlan
output-status: up
output-line-status: up
Action: drop
Drop-reason: (nat-no-xlate-to-pat-pool) Connection to PAT address without pre-existing xlate
Code:
nat (outside,dmz_vlan) source static any any destination static server-object_SMTPserver server-object_SMTPserver no-proxy-arp
For certain reasons we have a site-to-site (s2s) tunnel set up between the DMZ x.x.x.x and 10.0.0.0/24 at a remote location, and suddenly, bang. I don't see any mention of this in the release notes either.
Code:
object-group network DM_INLINE_NETWORK_11
network-object object whole_10.0.0.0
network-object object whole_172.16.0.0
network-object object whole_192.168.0.0
access-list vlan_dmz_access_in extended deny ip x.x.x.x 255.255.255.0 object-group DM_INLINE_NETWORK_11 log disable