ASANATBug

CSCun95075 - ASA drops packet due to nat-no-xlate-to-pat-pool after removing NAT rule

创新互联是专业的福绵网站建设公司,福绵接单;提供成都网站设计、成都网站制作,网页设计,网站设计,建网站,PHP网站建设等专业做网站服务;采用PHP框架,可快速的进行福绵网站开发网页制作和功能扩展;专业做搜索引擎喜爱的网站,专业的做网站团队,希望更多企业前来合作!

 

Symptom:
Once a twice NAT rule with a service translation is added, other traffic on the interface may also be dropped with a reason of nat-no-xlate-to-pat-pool. This is expected behavior and more details can be found here:

http://www.cisco.com/c/en/us/td/docs/security/asa/asa91/configuration/firewall/asa_91_firewall_config/access_fwaaa.html#wp1331733

However, if the NAT rule references an object-group and that object-group is changed while the NAT rule is still configured, traffic may still be dropped even after removing the NAT rule.

Conditions:
All of the following conditions must be matched to see this issue:

1) The ASA is configured with a twice NAT rule that uses a service translation
2) The object-group referenced in the NAT rule is edited (i.e. a new network-object is added to it) while the NAT rule is still configured
3) The NAT rule is removed from the configuration

Workaround:
Reloading the ASA after the offending NAT rule is removed will resolve the issue.

 

Bug Fixed in release : 9.1.5(1) or 9.1.2(100)

Regards

Karthik


本文名称:ASANATBug
网站网址:http://bzwzjz.com/article/psgjei.html

其他资讯

Copyright © 2007-2020 广东宝晨空调科技有限公司 All Rights Reserved 粤ICP备2022107769号
友情链接: 梓潼网站设计 高端定制网站设计 营销型网站建设 网站建设方案 企业网站设计 定制网站建设多少钱 成都网站设计 重庆网站建设 网站设计制作 定制网站设计 成都网站设计 成都网站建设推广 成都网站建设 LED网站设计方案 成都定制网站建设 温江网站设计 网站建设改版 高端品牌网站建设 重庆外贸网站建设 成都网站设计 网站建设费用 盐亭网站设计