...
Public port randomization happens the moment we enable NAT on an interface.

> Issue not seen in 18.3.8 and 20.3.2
> Issue observed in 20.1.12/20.3.1

Pre-NAT:

Vedge_test# show omp tlocs | tab
                                                                                                                          PUBLIC           PRIVATE
ADDRESS                                                      PSEUDO                PUBLIC                PRIVATE  PUBLIC  IPV6    PRIVATE  IPV6     BFD
FAMILY    TLOC IP   COLOR         ENCAP  FROM PEER  STATUS   KEY     PUBLIC IP     PORT    PRIVATE IP    PORT     IPV6    PORT    IPV6     PORT     STATUS
----------------------------------------------------------------------------------------------------------------------------------------------------------
          1.1.1.1   biz-internet  ipsec  0.0.0.0    C,Red,R  1       192.168.1.21  12346   192.168.1.21  12346    ::      0       ::       0        up  <<<

Post-NAT:

Vedge_test# show omp tlocs | tab
                                                                                                                          PUBLIC           PRIVATE
ADDRESS                                                      PSEUDO                PUBLIC                PRIVATE  PUBLIC  IPV6    PRIVATE  IPV6     BFD
FAMILY    TLOC IP   COLOR         ENCAP  FROM PEER  STATUS   KEY     PUBLIC IP     PORT    PRIVATE IP    PORT     IPV6    PORT    IPV6     PORT     STATUS
----------------------------------------------------------------------------------------------------------------------------------------------------------
          1.1.1.1   biz-internet  ipsec  0.0.0.0    C,Red,R  1       192.168.1.21  46460   192.168.1.21  12346    ::      0       ::       0        up

This is causing issues in the CU network, as they have restricted ports open on their FWs.
Enable NAT on interface
As a workaround, we can suggest a "Port-Forward" configuration.
Issue not seen in 20.1.2 and later, 20.3.2 and later.
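A check for the symptom described above, as an added example (not Cisco's code and not part of the original report): it parses "show omp tlocs | tab" data rows in the column order shown on this page and reports TLOCs whose public port no longer matches the private port, along with whether the firewall would permit the new port. The allowed-port set {12346} and the optional leading address-family token are assumptions.

```python
# Added example: flag TLOC rows whose public port differs from the private port.
FIELDS = ("tloc_ip", "color", "encap", "from_peer", "status", "pseudo_key",
          "public_ip", "public_port", "private_ip", "private_port",
          "public_ipv6", "public_ipv6_port", "private_ipv6",
          "private_ipv6_port", "bfd_status")

def parse_tlocs(output):
    """Parse data rows of `show omp tlocs | tab`; header and ruler lines are skipped."""
    rows = []
    for line in output.splitlines():
        tokens = line.split()
        # Assumption: a row may start with an address-family token (absent on this page).
        if tokens and tokens[0] in ("ipv4", "ipv6"):
            tokens = tokens[1:]
        tokens = tokens[:len(FIELDS)]  # drops trailing annotations such as "<<<"
        if len(tokens) != len(FIELDS):
            continue  # ruler line or partial header line
        row = dict(zip(FIELDS, tokens))
        if not (row["public_port"].isdigit() and row["private_port"].isdigit()):
            continue  # column-name header line
        row["public_port"] = int(row["public_port"])
        row["private_port"] = int(row["private_port"])
        rows.append(row)
    return rows

def translated_tlocs(rows, fw_allowed_ports):
    """Return TLOCs whose public port was rewritten, and whether the firewall permits it."""
    return [{"tloc_ip": r["tloc_ip"], "color": r["color"],
             "private_port": r["private_port"], "public_port": r["public_port"],
             "permitted": r["public_port"] in fw_allowed_ports}
            for r in rows if r["public_port"] != r["private_port"]]

# Data rows copied from the two outputs on this page.
PRE_NAT = ("1.1.1.1 biz-internet ipsec 0.0.0.0 C,Red,R 1 "
           "192.168.1.21 12346 192.168.1.21 12346 :: 0 :: 0 up <<<")
POST_NAT = ("1.1.1.1 biz-internet ipsec 0.0.0.0 C,Red,R 1 "
            "192.168.1.21 46460 192.168.1.21 12346 :: 0 :: 0 up")
# Constructed firewall rule set: only the TLOC's configured port is open (assumption).
FW_ALLOWED = {12346}

if __name__ == "__main__":
    for name, text in (("pre-NAT", PRE_NAT), ("post-NAT", POST_NAT)):
        print(name, translated_tlocs(parse_tlocs(text), FW_ALLOWED))
```

A mismatch only shows that the port was translated somewhere on the path; on an affected release it appears as soon as NAT is enabled on the interface.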