NAT source partially works


#1

I have several rules for NAT source. Any device that does not have a specific source NAT uses rule 1000 and it works. However, rule 40 “sorta” works. By that, I mean some services work and some don’t. For instance, I cannot ping anything on the outside of my network. If I disable the rule and let it go to rule 1000, everything works fine.

Any ideas?

(partial show conf)
set destination rule 40 description 'xxx'
set destination rule 40 destination address 'xxx.xxx.xxx.132'
set destination rule 40 inbound-interface 'eth2'
set destination rule 40 translation address '100.64.40.78'

set source rule 40 outbound-interface 'eth2'
set source rule 40 source address '100.64.40.78/32'
set source rule 40 translation address 'xxx.xxx.xxx.132'

set source rule 1000 outbound-interface 'eth2'
set source rule 1000 source address '100.64.0.0/10'
set source rule 1000 translation address 'masquerade'


#2

Well, shot myself in the foot again… I copied a previous entry and used the incorrect outbound interface. It worked part way but not all the way… strange that it worked at all.