OA5510 ip filtering unstable - works sporadically.. help..

milenski · Post by **milenski** » 26 Feb 2010 09:03

I have configured NAT and I have configured an IP filter to prevent a certain IP address.

The problem is that the filter won't let any traffic for a while and eventually start working lets say 15 minutes after I have been trying ping and http requests - if I reboot the 5510 USG it works, if I leave it idle - without any traffic for a while, it stops working... 0_o It works, then it doesn't and than it works again - wtf am I doing wrong..

Attached is my configuration..

milenski · Post by **milenski** » 26 Feb 2010 12:42

Removed all ip filtering, turns out that the problem persists - I guess NAT is not configured properly or is not working properly for some reason... Will investigate further on Monday. Any Ideas are welcome.

benny · Post by **benny** » 27 Feb 2010 03:20

Maybe your WAN connection disconnects if idle for some time?

-b

milenski · Post by **milenski** » 27 Feb 2010 06:08

No, my wan connection is ok, NAT stops working for some reason..

cedric1 · Post by **cedric1** » 01 Mar 2010 16:24

open a case to ALU

murraya · Post by **murraya** » 02 Mar 2010 01:41

yep, please do. mine does the same with just NAT activated. can you let us know how you get on please

murraya · Post by **murraya** » 08 Mar 2010 05:03

I have found two ways to get the NAT back when it stops...
1 reboot (simple really)
2 unplug the WAN (fast ethernet port) then plug it back in.
Not really a fix, how are you getting on Milenski?

milenski · Post by **milenski** » 29 Sep 2010 07:43

Long time, no see:) but I am back.. Could you post your running configuration with NAT enabled, so that I can compare to mine?

murraya · Post by **murraya** » 30 Sep 2010 00:44

Hi, not sure if any use to you at present as I have had beta software written to fix my issue on NAT for SIP.
What type of NAT are you doing? is it for incoming from WAN or outgoing like SIP?
If the later then the firewall only stays open for a while so for incoming to remain open you need to have a keep alive like "sip option" configured.

milenski · Post by **milenski** » 30 Sep 2010 06:32

Hi, well I have configured source nat, so that I am able to provide internet to some users using one WAN ip address. The configuration is:

interface FastEthernet0
ip address 192.168.92.158/24
no shutdown
top

ip route 0.0.0.0/0 192.168.92.1 //default gw of the router

match-list Nat
1 tcp interface Vlan 2 any
2 icmp interface Vlan 2 any
3 udp interface Vlan 2 any

ip nat TestNat
1 match any Nat source-nat static

interface FastEthernet0
ip nat out TestNat

ip-policy nat

Actually - the whole configuration is in the attachment.
Would you like to exchange skype nicknames, sothat we can help each other on 5510 issues. I am also working with OXE.

Alcatel Unleashed

OA5510 ip filtering unstable - works sporadically.. help..

OA5510 ip filtering unstable - works sporadically.. help..

oops

NAT not working