Feature Requirements | Series | Models |
---|---|---|
The ALG does not process TCP fragments. TCP fragments are transparently transmitted and are not dropped. The size of TCP packets cannot be greater than the maximum segment size (MSS), and no TCP fragments are generated. | NetEngine 8000 F | NetEngine 8000 F1A |
ALG does not support packets longer than 2048 bytes. | NetEngine 8000 F | NetEngine 8000 F1A |
ALG sessions do not support hot backup. | NetEngine 8000 F | NetEngine 8000 F1A |
ALG supports TCP-based RTSP but not UDP-based RTSP. ALG supports UDP-based SIP but not TCP-based SIP. | NetEngine 8000 F | NetEngine 8000 F1A |
The CGN ALG can identify packets only through well-known ports. For example, the FTP ALG needs to identify TCP port 21. Packets that need to be processed by the CGN ALG must use well-known ports. | NetEngine 8000 F | NetEngine 8000 F1A |
FTP does not support two ALG scenarios: a private network client accessing a public network server in passive mode, and a public network client accessing a private network server in port mode. In these cases, the control session is not associated with the data session. As a result, the control session ages while data is being downloaded. A file can be properly transferred, but the FTP interface displays a transfer failure. | NetEngine 8000 F | NetEngine 8000 F1A |
ICMP sessions do not support hot backup. | NetEngine 8000 F | NetEngine 8000 F1A |
Redirection to an IPv6 address on a directly connected network segment is not supported in a NAT instance. | NetEngine 8000 F | NetEngine 8000 F1A |
When a public network interface address is pinged using an IP address in an address pool as the source IP address, the ping operation fails if the ping reply packet is fragmented into three or more fragments. Do not ping any address in a CGN public address pool, or ensure that the ping packet length does not exceed the interface MTU. | NetEngine 8000 F | NetEngine 8000 F1A |
Currently, NAT ALG can process only the RTSP control messages SETUP, REPLAY, and TEARDOWN. | NetEngine 8000 F | NetEngine 8000 F1A |
In outbound interface NAT scenarios, NAT-translated traffic cannot be steered to an SRv6 tunnel. | NetEngine 8000 F | NetEngine 8000 F1A |
In outbound interface NAT scenarios, a forward traffic policy (with only the next-hop IP address specified but not the outbound interface) needs to be configured on the inbound interface to redirect user upstream traffic, and redirection needs to be configured in the NAT instance. With the forward traffic policy, outbound interface NAT can be performed before traffic is forwarded through the outbound interface. Without the forward traffic policy, if both the next-hop IP address and outbound interface are specified in a traffic policy on the inbound interface, the traffic is forwarded directly through the outbound interface, without being processed by outbound interface NAT. With the forward policy configured, you need to configure redirection in the NAT instance so that, after outbound interface NAT is performed, the device does not forward traffic through an outbound interface different from the original one. | NetEngine 8000 F | NetEngine 8000 F1A |
When NAT traffic distribution is configured on an outbound interface, an ACL rule takes effect on data flows based only on the protocol number, source/destination IP address, source/destination port number, VPN instance name, and fragment. NAT traffic distribution on an outbound interface does not support the following ACL rules: vpn-instance-any, TTL, TCP-FLAG, destination-pool, packet-length, source-pool, destination-port-pool, source-port-pool, VXLAN, ICMP-type, time-range, ToS, DSCP, ip-precedence, and inconsecutive masks. | NetEngine 8000 F | NetEngine 8000 F1A |