Outbound NAT Static port help
-
Hello, I'm having an issue where I have source port rewrites disabled by making an outbound rule for my host PC (172.16.20.221) to any destination, any port, with the Static Port option checked and the rule at the top of the list. Manual Outbound rule generation is also checked. Below are some packet captures.
Running telnet Server WAN IP 18082
WAN Capture:
12:23:13.214005 IP MY WAN IP.54025 > Server WAN IP.18082: tcp 0
12:23:16.215007 IP MY WAN IP.54025 > 70.89.169.168.18082: tcp 0
12:23:22.215466 IP MY WAN IP.54025 > 70.89.169.168.18082: tcp 0
LAN Capture:
12:24:28.888489 IP 172.16.20.221.54036 > Server WAN IP.18082: tcp 0
12:24:31.890122 IP 172.16.20.221.54036 > Server WAN IP.18082: tcp 0
12:24:37.888038 IP 172.16.20.221.54036 > Server WAN IP.18082: tcp 0
Firewall: NAT Outbound Rules
Manual Outbound NAT rule Generation (AON) Checked
WAN >172.16.20.221/32 * * * * * Static Port -YES
WAN 172.16.20.0/24 * * 500 * * YES
Auto created rule for ISAKMP - LAN to WAN
WAN 172.16.20.0/24 * * * * * NO
Auto created rule for LAN to WAN
WAN 127.0.0.0/8 * * * * 1024:65535 NO
Auto created rule for localhost to WAN
WAN 192.168.1.0/24 * * 500 * * YES
Auto created rule for ISAKMP - LAB to WAN
WAN 192.168.1.0/24 * * * * * NO
Auto created rule for LAB to WAN
WAN 127.0.0.0/8 * * * * 1024:65535 NO
Any ideas what else to check?
-
Your capture isn't really a good test since they were not done on both interfaces simultaneously, and telnet will use a dynamic source port.
Check the state table - Diagnostics > States. Filter on your IP. Check the entries that look like:
LAN.IP:YYYY -> WAN.IP:YYYY -> Server:ZZZZ
As long as the port on the LAN and WAN IPs match, static port is working correctly.
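Added example, not part of the original reply: a small Python check that takes state entries pasted in the `LAN.IP:YYYY -> WAN.IP:YYYY -> Server:ZZZZ` layout described above and flags any state where the WAN-side source port differs from the LAN-side one. The function name, the WAN/server addresses, and the protocol and state columns in the sample lines are constructed for illustration.

```python
import re

# One NAT state in the layout the reply describes:
#   LAN.IP:port -> WAN.IP:port -> Server:port
# Anything before or after the three endpoints on the line is ignored.
STATE_RE = re.compile(
    r"(\d+\.\d+\.\d+\.\d+):(\d+)\s*->\s*"
    r"(\d+\.\d+\.\d+\.\d+):(\d+)\s*->\s*"
    r"(\d+\.\d+\.\d+\.\d+):(\d+)"
)

def check_static_port(state_text, host_ip):
    """Return one dict per NAT state of host_ip; 'static' is True when
    the LAN-side and WAN-side source ports match."""
    results = []
    for line in state_text.splitlines():
        m = STATE_RE.search(line)
        if not m:
            continue  # not a three-endpoint NAT state (e.g. a LAN-side entry)
        lan_ip, lan_port, wan_ip, wan_port, srv_ip, srv_port = m.groups()
        if lan_ip != host_ip:
            continue  # state belongs to another internal host
        results.append({
            "lan": f"{lan_ip}:{lan_port}",
            "wan": f"{wan_ip}:{wan_port}",
            "server": f"{srv_ip}:{srv_port}",
            "static": lan_port == wan_port,
        })
    return results

# Constructed sample input (203.0.113.10 stands in for the WAN IP,
# 198.51.100.x for remote servers; these are documentation addresses).
SAMPLE = """\
tcp 172.16.20.221:54036 -> 203.0.113.10:54036 -> 198.51.100.7:18082 ESTABLISHED:ESTABLISHED
tcp 172.16.20.221:54040 -> 203.0.113.10:21877 -> 198.51.100.7:18082 SYN_SENT:CLOSED
tcp 172.16.20.221:54036 -> 198.51.100.7:18082 ESTABLISHED:ESTABLISHED
udp 172.16.20.50:500 -> 203.0.113.10:500 -> 198.51.100.9:500 MULTIPLE:MULTIPLE
"""

if __name__ == "__main__":
    for s in check_static_port(SAMPLE, "172.16.20.221"):
        verdict = "static port OK" if s["static"] else "source port REWRITTEN"
        print(f'{s["lan"]} -> {s["wan"]} -> {s["server"]}: {verdict}')
```

A rewritten port on a state created after the rule change means the static-port rule is not the one matching that traffic; states created before the change keep their old translation until they expire or are reset.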