
OPERATIONAL DEFECT DATABASE

Public port randomization happens the moment we enable NAT on an interface.
> Issue not seen in 18.3.8 and 20.3.2
> Issue observed in 20.1.12/20.3.1

Pre-NAT:

Vedge_test# show omp tlocs | tab
ADDRESS                                                    PSEUDO                PUBLIC                PRIVATE  PUBLIC  IPV6    PRIVATE  IPV6     BFD
FAMILY   TLOC IP  COLOR         ENCAP  FROM PEER  STATUS   KEY     PUBLIC IP     PORT    PRIVATE IP    PORT     IPV6    PORT    IPV6     PORT     STATUS
--------------------------------------------------------------------------------------------------------------------------------------------------------
         1.1.1.1  biz-internet  ipsec  0.0.0.0    C,Red,R  1       192.168.1.21  12346   192.168.1.21  12346    ::      0       ::       0        up    <<<

Post-NAT:

Vedge_test# show omp tlocs | tab
                                                                                                                        PUBLIC           PRIVATE
ADDRESS                                                    PSEUDO                PUBLIC                PRIVATE  PUBLIC  IPV6    PRIVATE  IPV6     BFD
FAMILY   TLOC IP  COLOR         ENCAP  FROM PEER  STATUS   KEY     PUBLIC IP     PORT    PRIVATE IP    PORT     IPV6    PORT    IPV6     PORT     STATUS
--------------------------------------------------------------------------------------------------------------------------------------------------------
         1.1.1.1  biz-internet  ipsec  0.0.0.0    C,Red,R  1       192.168.1.21  46460   192.168.1.21  12346    ::      0       ::       0        up

This is causing issues in the CU network, as they have restricted ports open on their FWs.
Enable NAT on interface
As a workaround, we can suggest a "Port-Forward" configuration.
Issue not seen in 20.1.2 and later, 20.3.2 and later.