Page 1 of 1
OA5510 ip filtering unstable - works sporadically.. help..
Posted: 26 Feb 2010 09:03
by milenski
I have configured NAT and I have configured an IP filter to prevent a certain IP address.
The problem is that the filter won't let any traffic for a while and eventually start working lets say 15 minutes after I have been trying ping and http requests - if I reboot the 5510 USG it works, if I leave it idle - without any traffic for a while, it stops working... 0_o It works, then it doesn't and than it works again - wtf am I doing wrong..
Attached is my configuration..
oops
Posted: 26 Feb 2010 12:42
by milenski
Removed all ip filtering, turns out that the problem persists - I guess NAT is not configured properly or is not working properly for some reason... Will investigate further on Monday. Any Ideas are welcome.
Posted: 27 Feb 2010 03:20
by benny
Maybe your WAN connection disconnects if idle for some time?
-b
Posted: 27 Feb 2010 06:08
by milenski
No, my wan connection is ok, NAT stops working for some reason..
Posted: 01 Mar 2010 16:24
by cedric1
open a case to ALU
Posted: 02 Mar 2010 01:41
by murraya
yep, please do. mine does the same with just NAT activated. can you let us know how you get on please
Posted: 08 Mar 2010 05:03
by murraya
I have found two ways to get the NAT back when it stops...
1 reboot (simple really)
2 unplug the WAN (fast ethernet port) then plug it back in.
Not really a fix, how are you getting on Milenski?
Posted: 29 Sep 2010 07:43
by milenski
Long time, no see:) but I am back.. Could you post your running configuration with NAT enabled, so that I can compare to mine?
Posted: 30 Sep 2010 00:44
by murraya
Hi, not sure if any use to you at present as I have had beta software written to fix my issue on NAT for SIP.
What type of NAT are you doing? is it for incoming from WAN or outgoing like SIP?
If the later then the firewall only stays open for a while so for incoming to remain open you need to have a keep alive like "sip option" configured.
NAT not working
Posted: 30 Sep 2010 06:32
by milenski
Hi, well I have configured source nat, so that I am able to provide internet to some users using one WAN ip address. The configuration is:
interface FastEthernet0
ip address 192.168.92.158/24
no shutdown
top
ip route 0.0.0.0/0 192.168.92.1 //default gw of the router
match-list Nat
1 tcp interface Vlan 2 any
2 icmp interface Vlan 2 any
3 udp interface Vlan 2 any
ip nat TestNat
1 match any Nat source-nat static
interface FastEthernet0
ip nat out TestNat
ip-policy nat
Actually - the whole configuration is in the attachment.
Would you like to exchange skype nicknames, sothat we can help each other on 5510 issues. I am also working with OXE.