The kernel table 'xlate_use_dport_services'

If a Security Gateway uses GNAT, the destination port ('dport') is part of the pool, but it can still be 0 if the specific destination port is not present in the xlate_use_dport_services kernel table. If a Security Gateway uses static NAT port allocation, the destination port ('dport') is not part of the pool.

The use of a destination port in the NAT pool

If we use static port allocation, we use the 3-tuple:

For example, the 2 NAT pools and are different because their destination IP addresses are different. Two connections can get the same port if their pools are different (at least one of the values is different). These properties are: IP protocol, Hide Source IP address, Destination IP address, and Destination Port (Destination Port is not always used, as explained below).

To solve this issue, configure "Hide behind range" as described in sk140432.

What is the format of the "NAT Exhausted Pool" label?

Two connections can get the same port if their NAT pools are different (at least one of the values is different). These properties are: IP protocol, Hide Source IP address, Destination IP address.

When a Security Gateway allocates a source port for a Hide NAT operation, it can allocate the same port for different connections, as long as certain properties of the connections are different.
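
A simplified model of the pool rules described above, added here as an illustration and not Check Point code. The class name, the three-port range, and the representation of xlate_use_dport_services as a plain set of destination ports are assumptions; the addresses are constructed documentation values.

```python
from collections import defaultdict

# Assumption: a 3-port range so exhaustion is easy to see; not the gateway's real range.
PORT_RANGE = range(10000, 10003)


class HideNatModel:
    """Toy model of Hide NAT source-port pools (hypothetical, for illustration)."""

    def __init__(self, mode, use_dport_services=()):
        if mode not in ("static", "gnat"):
            raise ValueError("mode must be 'static' or 'gnat'")
        self.mode = mode
        # Assumption: the kernel table is modelled as a plain set of destination ports.
        self.dport_table = frozenset(use_dport_services)
        self.in_use = defaultdict(set)  # pool tuple -> source ports already allocated

    def pool_for(self, proto, hide_ip, dst_ip, dport):
        """Return the pool a connection falls into."""
        if self.mode == "static":
            # Static allocation: the destination port is not part of the pool.
            return (proto, hide_ip, dst_ip)
        # GNAT: dport is part of the pool, but 0 unless it is listed in the table.
        return (proto, hide_ip, dst_ip, dport if dport in self.dport_table else 0)

    def allocate(self, proto, hide_ip, dst_ip, dport):
        """Return a free source port from the connection's pool, or None if exhausted."""
        pool = self.pool_for(proto, hide_ip, dst_ip, dport)
        for port in PORT_RANGE:
            if port not in self.in_use[pool]:
                self.in_use[pool].add(port)
                return port
        return None  # every port in this pool is taken


if __name__ == "__main__":
    HIDE, DST_A, DST_B = "203.0.113.10", "198.51.100.1", "198.51.100.2"
    static = HideNatModel("static")
    for dport in (80, 443, 8080, 22):
        print("static", DST_A, dport, "->", static.allocate(6, HIDE, DST_A, dport))
    # A different destination IP is a different pool, so the first port is reused.
    print("static", DST_B, 80, "->", static.allocate(6, HIDE, DST_B, 80))
    gnat = HideNatModel("gnat", use_dport_services={443})
    for dport in (443, 80, 8080):
        print("gnat pool for dport", dport, "=", gnat.pool_for(6, HIDE, DST_A, dport))
```

In the model, a fourth connection to the same destination IP finds the static pool exhausted regardless of its destination port, while under GNAT only destination ports listed in the table get a pool of their own.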