Cause for the interruption of the USG5000 after the NAT is configured


Check whether the interzone policy is enabled on the firewall.

Why is a service (such as voice) interrupted after NAT or the firewall is configured?
The aging time of the session table is shorter than the aging time of the service. The session table entry ages out while the service is still active, so the service packets sent after the entry has aged out are discarded and the service is interrupted. Run the firewall-nat session aging-time command to increase the TCP/UDP timeout interval.

Meaning of the NAT on the USG2000 and USG5000
Network Address Translation (NAT) is an address translation technology that converts the address in an IPv4 packet header to another address. Generally, NAT is used to convert a private IP address in the IPv4 packet header to a public IP address, so that multiple users on the private network can access the Internet using fewer public IP addresses. NAT therefore addresses the IPv4 public address shortage caused by the growth of the Internet.

Method used to test whether the USG5000 is accessible after NAT Server is configured
You can test accessibility by accessing the firewall from the external network, or by testing the external-network port with the Telnet utility.

FAQ: The ip source check user-bind enable command executed in a VLAN view causes service interruption
[Problem Description]
1. Symptom
The ip source check user-bind enable command executed in a VLAN view causes service interruption.
2. Networking
Terminal - S2700 - S5700 (Gateway)
3. Configuration
#
dhcp enable
dhcp snooping enable
user-bind static ip-address mac-address 80fa-0367-db33
#
vlan 34
 dhcp snooping enable
 ip source check user-bind enable
#
interface Ethernet0/0/2
 port link-type access
 port default vlan 34
#
interface GigabitEthernet0/0/1
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
[Alarm]
None.
[Troubleshooting]
Delete the ip source check user-bind enable command from the VLAN view and then run this command in an interface view to restore the services.
[Root Cause]
If the command is executed in the VLAN view, it takes effect for all packets received by all interfaces in the VLAN, including the uplink interface GigabitEthernet0/0/1. The source IP addresses of Layer 3 packets received by the uplink interface vary, while their source MAC address is the MAC address of the S5700 switch. Packets that do not match any binding entry are discarded, causing service interruption.
[Summary and Suggestions]
1. Using the ip source check user-bind enable command or other IPSG-related commands in the VLAN view causes service interruption.
2. Before using these commands in the VLAN view, run the user-bind static mac-address command to bind the MAC address and IP address of the Layer 3 interface of the uplink gateway.
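The following Python model is an added illustration of the root cause above, not vendor code: it applies the IPSG binding check either to every interface in the VLAN (VLAN view) or to one access interface (interface view) and shows which constructed sample packets are discarded. The host IP address, the gateway MAC address and the remote source addresses are constructed assumptions; only the bound MAC 80fa-0367-db33 and the interface names come from the page.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    in_port: str   # ingress interface on the S2700
    vlan: int
    src_ip: str
    src_mac: str


# Binding table: (ip, mac) entries from user-bind static / DHCP snooping.
BINDINGS = {("10.0.34.10", "80fa-0367-db33")}   # constructed IP for the bound host

GATEWAY_MAC = "00e0-fc12-3456"                   # constructed S5700 MAC address

# Constructed sample traffic: one bound host on the access port, plus three
# forwarded Layer 3 packets arriving on the uplink, all carrying the gateway MAC
# but different source IP addresses (the situation described in [Root Cause]).
TRAFFIC = [
    Packet("Ethernet0/0/2", 34, "10.0.34.10", "80fa-0367-db33"),
    Packet("GigabitEthernet0/0/1", 34, "192.0.2.7", GATEWAY_MAC),
    Packet("GigabitEthernet0/0/1", 34, "198.51.100.9", GATEWAY_MAC),
    Packet("GigabitEthernet0/0/1", 34, "203.0.113.25", GATEWAY_MAC),
]


def ipsg_permits(pkt, bindings, checked_vlans, checked_ports):
    """IPSG check: a packet on a checked VLAN or checked port must match a binding."""
    if pkt.vlan not in checked_vlans and pkt.in_port not in checked_ports:
        return True                      # not subject to the source check
    return (pkt.src_ip, pkt.src_mac) in bindings


def dropped(checked_vlans=frozenset(), checked_ports=frozenset(), traffic=TRAFFIC):
    """Return the ingress interface of every packet IPSG discards, in order seen."""
    return [p.in_port for p in traffic
            if not ipsg_permits(p, BINDINGS, checked_vlans, checked_ports)]


if __name__ == "__main__":
    # Enabled in VLAN view: every interface in VLAN 34 is checked, so the
    # three uplink packets (unmatched source IPs) are discarded.
    print("VLAN view:     ", dropped(checked_vlans={34}))
    # Enabled on the access interface only: uplink traffic is no longer checked.
    print("interface view:", dropped(checked_ports={"Ethernet0/0/2"}))
```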

