disabled static nat still seems to be working

[draegloth]

Hi guys,

I have a star vpn topology and the end points are vpn edge boxes with running firmware version of 6.5.43.

I have disabled NAT inside the VPN community.

I've a sip proxy on the center site. I've been natted the machine on an internet IP for some testing, after testing I've disabled that nat rule.

The problem is, when I capture sip packets i saw that the IP address on the sip packets form egde to center contains the lokal IP address of the sip proxy. However on the return packets I saw the natted IP address when I making tests. I've checked the objects_5.0.c file but I saw nothing related to this IP addr.

Do you have any idea how to clear this natted IP address?

Regards...

[melipla]

Quote:

Originally Posted by draegloth

Do you have any idea how to clear this natted IP address?

The R60 HFA 05 release notes give a pretty clear picture of what is (and wasn't) supported for NAT regarding SIP. However I'm not sure how this translates into Edge versions.

[draegloth]

Sorry guys it seems that i forget to give the version on my center site. The center site version is R61 HFA01.

[MarioL]

You probably haven't compiled the policy for the Edge's, so they are still fetching a policy with the NAT rule active.

[RayPesek]

Seems to me that NAT is not cleared when the rule is removed and a policy is pushed. I think you have to wait a bit for it to expire.

If you waited more than an hour, this probably is not it.

Ray

[draegloth]

I waited more than 3 days however the result still the same. I think that this is a bug for sip.

[RayPesek]

Yeeesss, I think three days is more than enough. :-)

Ray

[melipla]

Quote:

Originally Posted by draegloth

I waited more than 3 days however the result still the same. I think that this is a bug for sip.

Most likely...

By chance, if you log into the edge device and go to Setup -> Tools -> Diagnostics, do you see the NAT rule at the bottom of the page?

Also, which edge firmware are you using?