Upgrade from R61 to R65, now static nat rules are not working

[danielwestendorf]

Hello all,

I had a working installation under R61, with some static nat rules. Everything worked great, but the hardware was getting old, so I decided to upgrade to a new system and an R65 release.

The export/upgrade seems to have gone fine, no problems there. Outbound access is working fine, our VPN tunnels are live. 95% happy.

Our inbound Nat rules are not working though. For each Host Node with a public IP address I have the 'Add Automatic Address Translation rules' box checked, the Translation method set to Static, and the Translate to IP Address box filled with it's respective static public IP. No dice. I've tried deleting the nodes and rules, and recreating them all manually, but no luck there either.

I was able to get them working by adding a Secondary IP to our external interface for each public IP. This has everything working for the time being, but I don't think it's correct as I didn't have to do this on our old installation.

Does anyone have any suggestions?
Troubleshooting steps?

Thanks for any help you can provide!

Daniel

 

[Danielpb]

Hi,

Couple of questions...

1. Is this single or distributed setup?
2. What OS is this running on IPSO, SPLAT etc
3. Can you see any ARP entries on the firewall for these NAT's

 

[tjbradford]

i would have moved to new hardware then upgraded the ipso , or viceversa , changing two things at the same time will make it more complex, I would check the arp entries , as the new box will almost defenetly have different mac addresses on its interfaces compared with that of the old box if you have restored from a backup the mac / arp entries are going to be pointing to a interface that nolonger exists. !