New Contributor

4430, NAT dropping packets when internal server sending ack back to source

Hello, I am having an issue with an Adtran 4430. We have a Windows 2008 R2 server, and I have created NAT for RDP, HTTPS, SSL and such. But when I try to connect to it externally, the packets get dropped. I have tested the server internally and it works fine. Wireshark shows traffic is coming through the NAT and going to the server, and the server sending it back, but it looks like the router drops the packet. I have two internet connections: inbound traffic is coming in from XO, and all outbound internet traffic is going out of a Comcast connection. I only seem to have issues with the Windows 2008 servers. I have other servers on the network (Server 2003) that work fine. I currently have SBS 2003 running and it works fine, and I am trying to replace that with a 2008 server. The firewall is disabled on the local 2008 server and I don't have a sniffer to figure out where the packets are going. But logically it seems the Adtran is dropping the packet. Any help would be greatly appreciated.

thanks

Anonymous
Not applicable

Re: 4430, NAT dropping packets when internal server sending ack back to source

Based on the description of your setup, I believe the issue is that the port forward is coming in through the XO connection correctly, but the response is being sent back out the Comcast connection. The RPF check on the firewall is more than likely dropping the return traffic. There are a couple of steps you can take to resolve this issue:

1. If you would prefer that your port forwarding return traffic use the XO connection instead of the Comcast connection, you will need to configure a route-map on the LAN interface matching the return traffic and specifying the XO connection as the next-hop. The document below explains how to set up a route-map:

Configuring Policy Based Routing in AOS

2. You will also need to disable RPF check on the access-policies/security zones that are assigned to your WAN interfaces. This can only be done in the CLI. The command syntax is as follows:

router(config)# no ip policy-class <Policy-class NAME> rpf-check

If the above suggestions do not work, please reply to this post with your configuration. Please remember to edit any information that may be sensitive to your network. I will be more than happy to take a look at the configuration.

Please do not hesitate to let us know if you have any questions.

Thanks,

Noor
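
As an added illustration of the diagnosis in the reply above (not code from the thread or from ADTRAN), this Python model applies generic strict reverse-path filtering and policy routing on a dual-WAN router and traces one port-forwarded connection. The addresses, interface names and the `trace` helper are constructed assumptions, and the model does not reproduce where AOS itself applies its RPF check.

```python
import ipaddress

# Constructed topology (assumption): default route via Comcast, port forward arrives on XO.
ROUTES = [("0.0.0.0/0", "comcast"), ("198.51.100.0/30", "xo"), ("192.168.1.0/24", "lan")]
# Hypothetical policy route for step 1: packets from the server entering on LAN leave via XO.
# A real route-map would match only the forwarded services' return traffic.
PBR = [("lan", "192.168.1.10/32", "xo")]

def lookup(dst, routes=ROUTES):
    """Longest-prefix match; returns the egress interface or None."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p), ifc) for p, ifc in routes
            if addr in ipaddress.ip_network(p)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def rpf_accepts(src, ingress, strict=True):
    """Strict RPF: accept only if the best route back to src points out the ingress interface."""
    return (not strict) or lookup(src) == ingress

def egress_for(src, dst, ingress, pbr=()):
    """Policy routes (ingress interface + source prefix) are consulted before the routing table."""
    s = ipaddress.ip_address(src)
    for in_if, prefix, out_if in pbr:
        if in_if == ingress and s in ipaddress.ip_network(prefix):
            return out_if
    return lookup(dst)

def trace(client, server, wan_in, strict_rpf, pbr=()):
    """Follow one forwarded connection: request in on wan_in, reply out from the server."""
    if not rpf_accepts(client, wan_in, strict_rpf):
        return "dropped: RPF on " + wan_in
    out = egress_for(server, client, "lan", pbr)
    if out != wan_in:
        return "asymmetric: reply leaves via " + out
    return "ok"

if __name__ == "__main__":
    client, server = "203.0.113.50", "192.168.1.10"   # constructed sample addresses
    for strict, pbr in [(True, ()), (False, ()), (True, PBR), (False, PBR)]:
        print(f"strict_rpf={strict!s:5} pbr={bool(pbr)!s:5} ->",
              trace(client, server, "xo", strict, pbr))
```

In this model only the combination of both steps (policy route for the return traffic and RPF check disabled on the WAN side) yields a symmetric path through XO.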

New Contributor

Re: 4430, NAT dropping packets when internal server sending ack back to source

I figured it out... I just had to deny access for the internal IP address to the Comcast connection and it worked.

Thanks for the reply though.

Anonymous
Not applicable

Re: 4430, NAT dropping packets when internal server sending ack back to source

I went ahead and flagged the "Correct Answer" on this post to make it more visible and help other members of the community find solutions more easily. If you don't feel like the answer I marked was correct, feel free to come back to this post and unmark it and select another in its place with the applicable buttons.  If you still need assistance, we would be more than happy to continue working with you on this - just let us know in a reply.

Thanks,

Noor