Last Modified: Jul 12, 2023
Affected Product(s):
BIG-IP CGN
Known Affected Versions:
11.3.0, 11.4.0
Fixed In:
11.5.0
Opened: Aug 06, 2013 Severity: 2-Critical
CGNAT may not maintain EIM behavior when it has many connections from the same client. A subscriber connecting through the CGNAT may not get the same translation address and port with the same subscriber and port as expected for Endpoint Independent Mapping behavior.
When this occurs, some applications may not operate correctly.
This occurs under the following conditions: LSN Pool mode = NAPT or Deterministic, Persistence = address-port, Inbound = OFF, many connections are going to the same host
To work around this issue, you can turn Inbound ON.
The same Client address:port now gets the same translation address:port regardless of host, which is correct behavior.