Troubleshooting steps for when there is issue with NAT och routing

Last modified on 15 Apr, 2025. Revision 2
This text is thought to be some general suggestions on what to check if your Ipsec is down. This text is not all that might be needed, but should be considered to be part of the general check in this scenario.
Status OK

Routing or NAT Failure

Change Review

  • Check for recent changes to static routes, dynamic routes, or NAT rules.
  • Revert updates if they correlate with the issue.

Diagnostic Actions

  1. Inspect the route table via WebUI or CLI.
  2. Use the route -lookup command to check where a route is expected to be sent towards.
  3. Ping gateway and destination IPs:
    • Include flags such as -v, -srcif, -srcip, and -tcp port to trace how the traffic is processed by the firewall.
  4. Use traceroute from the firewall to validate routing paths.
  5. Run packet captures on ingress and egress interfaces.
  6. Review NAT rules and observe translation behavior.
  7. If using dynamic routing, check OSPF status and adjacency.

Recovery Milestones

  • Routing and NAT are functioning correctly.
  • External devices (e.g., next-hop or ISP) are the cause.
  • Rollback resolves the issue.

Related articles

No related articles found.



Tagscoretroubleshoot