CCSE Lab R81.20

Hi Bro,


I’m in the process of constructing a CCSE Lab R81.20 and have encountered an unusual issue that has been perplexing me for the past two weeks.

According to the experimental topology, the eth1 port of a firewall, designated as A-GW, is linked to the eth0 port of a router named Border-Router. The router’s eth1 port provides a connection to the internet. The IP address assigned to A-GW’s eth1 port is, while Border-Router’s eth0 port is configured with the IP address

At present, A-GW is able to ping Border-Router’s eth0 port successfully. However, it is unable to ping the IP address or establish any internet connectivity. Interestingly, PCs within the same network segment have no issues accessing the internet. Oddly enough, altering A-GW and Border-Router's IP address to a different network segment, such as or, without modifying any other settings, suddenly enables internet access for the firewall.

Could you suggest what might be causing this issue?


Thank you so much!


For my ATC lab setups I just use Vyatta as the Border-Router which is very simple to set up with some static routing & masquerade NAT to permit Internet access. Run a packet capture on the external interface of Border-Router, are the pings sent by the gateway actually leaving the outside interface of Border-Router? (probably) Are they NATted correctly? (probably not) For successful pings initiated from behind A-GW what NAT address are those networks hiding behind? What happens if you hide them behind the gateway's address instead?

My guess is that you have left the Install On field of your NAT rules at "Any" and not confined them to a single gateway, and both A-GW and Border-Router are attempting to execute each other's NAT rules inappropriately.
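The capture check suggested in the reply above, as an added example that is not part of the original thread: it reads `tcpdump -n` text output taken on Border-Router's outside interface and reports, per source address, whether the echo requests left with a translated source and whether they were answered. The thread's own addresses are not shown, so every address and capture line below is constructed, and the one-line-per-packet `tcpdump -n` format is an assumption.

```python
import ipaddress
import re

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Matches e.g. "IP 10.1.1.1 > 198.51.100.8: ICMP echo request, id 977, seq 1"
ICMP_LINE = re.compile(
    r"IP (?P<src>[\d.]+) > (?P<dst>[\d.]+): ICMP echo (?P<kind>request|reply), "
    r"id (?P<id>\d+), seq (?P<seq>\d+)")

# Constructed capture: 10.1.1.1 stands in for the gateway, 203.0.113.10 for the
# router's hide-NAT address, 198.51.100.8 for an Internet host.
SAMPLE_CAPTURE = """\
12:00:01.100000 IP 203.0.113.10 > 198.51.100.8: ICMP echo request, id 4101, seq 1, length 64
12:00:01.112000 IP 198.51.100.8 > 203.0.113.10: ICMP echo reply, id 4101, seq 1, length 64
12:00:02.100000 IP 10.1.1.1 > 198.51.100.8: ICMP echo request, id 977, seq 1, length 64
12:00:02.101000 IP 203.0.113.10 > 198.51.100.8: ICMP echo request, id 4101, seq 2, length 64
12:00:02.113000 IP 198.51.100.8 > 203.0.113.10: ICMP echo reply, id 4101, seq 2, length 64
12:00:03.100000 IP 10.1.1.1 > 198.51.100.8: ICMP echo request, id 977, seq 2, length 64
"""

def is_rfc1918(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)

def audit(capture):
    """Summarise echo requests seen on the outside interface, keyed by source."""
    requests, answered = set(), set()
    for line in capture.splitlines():
        m = ICMP_LINE.search(line)
        if not m:
            continue  # not an ICMP echo line
        if m["kind"] == "request":
            requests.add((m["src"], m["dst"], m["id"], m["seq"]))
        else:  # a reply answers the request with src/dst swapped
            answered.add((m["dst"], m["src"], m["id"], m["seq"]))
    report = {}
    for key in sorted(requests):
        entry = report.setdefault(
            key[0], {"sent": 0, "answered": 0, "natted": not is_rfc1918(key[0])})
        entry["sent"] += 1
        entry["answered"] += int(key in answered)
    return report

if __name__ == "__main__":
    for src, info in audit(SAMPLE_CAPTURE).items():
        print(src, info)
```

A source that shows `natted: False` with no answers is traffic that reached the outside interface without matching a hide-NAT rule, which is the case the reply asks about.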

Hello Timothy_Hall,


Thank you so much for your advice.


The issue has been resolved after deleting a NAT policy that was generated automatically.


Have a great weekend!


Thanks again! 

