DNAT on the following ports is not allowed when DNAT is configured on a WAN interface:

TCP: 22 (used for SSH)

UDP: 53 (used for DNS), 67/68 (used for DHCP), 123 (used for NTP), 500 and 3066 (used for CMPv2), 3067 (used for OCSP), 4500 (used for IKE/IPsec), 3784 and 4784 (used for BFD), 4790 (used for VXLAN SD-WAN), 9201 (used for DHCP lease sync)


Workaround:

If DNAT is configured on a pool that is not configured on any Versa interface, the above restriction does not apply.
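
A pre-deployment check for planned DNAT rules against the port list and workaround above. This is an added example, not Versa code or configuration syntax. The rule dictionary layout, the function names and the sample addresses are assumptions constructed for illustration. It generalizes slightly by accepting port ranges and pool prefixes.

```python
from ipaddress import ip_address, ip_network

# Reserved destination ports, copied from the list in the note above.
RESERVED = {
    "tcp": {22: "SSH"},
    "udp": {
        53: "DNS", 67: "DHCP", 68: "DHCP", 123: "NTP",
        500: "CMPv2", 3066: "CMPv2", 3067: "OCSP",
        4500: "IKE/IPsec", 3784: "BFD", 4784: "BFD",
        4790: "VXLAN SD-WAN", 9201: "DHCP lease sync",
    },
}

def pool_on_interface(pool, interface_ips):
    """True if any interface address falls inside the DNAT pool (IP or prefix)."""
    net = ip_network(pool, strict=False)
    return any(ip_address(ip) in net for ip in interface_ips)

def dnat_conflicts(rule, interface_ips):
    """Return [(port, service), ...] that the rule would collide with.

    rule is a hypothetical dict: {"proto": str, "ports": (low, high), "pool": str}.
    """
    # Workaround from the note: a pool not present on any interface is exempt.
    if not pool_on_interface(rule["pool"], interface_ips):
        return []
    low, high = rule["ports"]
    table = RESERVED.get(rule["proto"].lower(), {})
    return sorted((p, svc) for p, svc in table.items() if low <= p <= high)

# Constructed sample data (documentation address ranges, not real devices).
INTERFACE_IPS = ["203.0.113.10", "10.0.0.1"]
RULES = [
    {"proto": "udp", "ports": (4000, 5000), "pool": "203.0.113.10"},   # on interface
    {"proto": "udp", "ports": (4000, 5000), "pool": "203.0.113.50"},   # dedicated pool
    {"proto": "tcp", "ports": (22, 22), "pool": "203.0.113.8/29"},     # prefix covers .10
    {"proto": "tcp", "ports": (53, 53), "pool": "203.0.113.10"},       # 53 is UDP-only
]

if __name__ == "__main__":
    for rule in RULES:
        hits = dnat_conflicts(rule, INTERFACE_IPS)
        print(rule, "->", hits if hits else "ok")
```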