Krishna
Participant

The NAT issue on CP firewall deployed in Azure

We have built a tunnel between the CP firewall (FW1) in Azure and the CP firewall (FW2) on-premises.

FW1 is a cluster and has two gateways in it. The IP of gateway 1 is 10.10.10.4, the IP of gateway 2 is 10.10.10.5 and the IP of the cluster is 10.10.10.6. Gateway 1 is active.

The tunnel initiation traffic/Phase 1 traffic is sent by FW2 from port 500 to port 500 of FW1.

We have done a packet capture on gateway 1 of FW1 and found that FW1 is receiving the traffic sent by FW2 on the cluster IP; both source and destination ports are 500.

Gateway 1 of FW1 is replying to FW2 from port 500 to port 500 of FW2.

In the next packet, while the gateway 1 IP is being translated to the cluster IP, i.e., from 10.10.10.4 to 10.10.10.6, the source port is also being translated from port 500 to a random port. Below are the logs collected from gateway 1:

[vs_0][fw_0] eth0:o[180]: X.X.X.X -> 10.10.10.6 (UDP) len=180 id=20396
UDP: 500 -> 500
[vs_0][fw_0] eth0:o[180]: 10.10.10.4 -> X.X.X.X (UDP) len=180 id=10087
UDP: 500 -> 500
[vs_0][fw_0] eth0:O[180]: 10.10.10.6 -> X.X.X.X (UDP) len=180 id=10087
UDP: 12410 -> 500


Due to this, Phase 1 of the tunnel is not getting established and the tunnel is not forming. Kindly provide a solution to this.

0 Kudos
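A small diagnostic, added here as an example (it is not from the original post or from Check Point), that parses the fw monitor lines quoted above and flags any outbound IKE packet whose source port differs between the pre-NAT ('o') and post-NAT ('O') inspection points. The only assumption is the two-line fw monitor layout shown in the post; X.X.X.X is the peer address the poster redacted.

```python
import re
from collections import defaultdict

# Sample capture, copied from the post (X.X.X.X is the poster's redacted peer).
CAPTURE = """\
[vs_0][fw_0] eth0:o[180]: X.X.X.X -> 10.10.10.6 (UDP) len=180 id=20396
UDP: 500 -> 500
[vs_0][fw_0] eth0:o[180]: 10.10.10.4 -> X.X.X.X (UDP) len=180 id=10087
UDP: 500 -> 500
[vs_0][fw_0] eth0:O[180]: 10.10.10.6 -> X.X.X.X (UDP) len=180 id=10087
UDP: 12410 -> 500
"""

# fw monitor header: "<iface>:<i|I|o|O>[<len>]: <src> -> <dst> (<proto>) len=N id=N"
HDR = re.compile(r"(\w+):([iIoO])\[\d+\]:\s+(\S+) -> (\S+) \((\w+)\) len=\d+ id=(\d+)")
PORTS = re.compile(r"^(UDP|TCP): (\d+) -> (\d+)$")
IKE_PORTS = {500, 4500}  # IKE and IKE NAT-T

def parse_capture(text):
    """Pair each fw monitor header line with the port line that follows it."""
    pkts, hdr = [], None
    for line in text.splitlines():
        m = HDR.search(line)
        if m:
            hdr = m.groups()
            continue
        p = PORTS.match(line.strip())
        if p and hdr:
            iface, pos, src, dst, proto, pid = hdr
            pkts.append(dict(iface=iface, pos=pos, src=src, dst=dst, proto=proto,
                             id=int(pid), sport=int(p.group(2)), dport=int(p.group(3))))
            hdr = None
    return pkts

def find_ike_port_hides(pkts):
    """Return (ip_id, pre-NAT src, post-NAT src, new sport) for every UDP packet
    that leaves 'o' with an IKE source port and exits 'O' with a different one.
    Packets are matched by IP id, which the NAT rewrite leaves untouched."""
    by_id = defaultdict(dict)
    for p in pkts:
        by_id[p["id"]][p["pos"]] = p
    hits = []
    for pid, stages in by_id.items():
        pre, post = stages.get("o"), stages.get("O")
        if pre and post and pre["proto"] == "UDP" and pre["sport"] in IKE_PORTS \
                and post["sport"] != pre["sport"]:
            hits.append((pid, pre["src"], post["src"], post["sport"]))
    return hits

if __name__ == "__main__":
    for hit in find_ike_port_hides(parse_capture(CAPTURE)):
        print("IKE source port rewritten by hide NAT: id=%d %s -> %s, sport now %d" % hit)
```

Run against a longer fw monitor capture, a non-empty result means the cluster hide NAT is rewriting the IKE source port, which is the symptom the post describes.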
3 Replies