Troubleshooting guide

Chapter 3: Troubleshooting Network Address Translation
In This Chapter:
Introduction
Resolving Common NAT Problems
Optimizing Network Performance with NAT
How to NAT (Network Address Translate) a DMZ host accessed by external hosts without applying the NAT on the internal network
How to set up Hide Mode Address Translation behind a dynamic address
How to use Encryption with NAT and ICMP
How to Connect several illegal IP networks through the Internet
Is there a limitation on XLATE_HIDE?
How to Configure SecuRemote with Split DNS for an Internal DNS Server
How to use NAT when the IP address is embedded in the data area
Does the ident service work with Hide NAT?
If the external IP address of the FireWall is an illegal address, can you connect to it via SecuRemote?
“Leaky” NAT
  Cause
  Troubleshooting
  How to work around this issue
    1. Increase the TCP timeout value
    2. Increase TCP timeout for a specific service
    3. Increase the value of the TCP start timeout (tcpstarttimeout) parameter
    4. Increase the value of the TCP end timeout (tcpendtimeout):
    5. Change the relevant service to a service of type 'other' and not 'TCP':
    6. Applying the ACK Denial-Of-Service hotfix
Debugging NAT
More Information