Last Modified: Nov 07, 2022
See more info
Known Affected Versions:
12.1.0, 12.1.0 HF1, 12.1.0 HF2, 12.1.1, 12.1.1 HF1, 12.1.1 HF2, 12.1.2, 12.1.2 HF1, 12.1.2 HF2, 12.1.3, 220.127.116.11, 18.104.22.168, 22.214.171.124, 126.96.36.199, 188.8.131.52, 184.108.40.206, 220.127.116.11, 12.1.4, 18.104.22.168, 12.1.5, 22.214.171.124, 126.96.36.199, 188.8.131.52, 12.1.6, 13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3, 13.0.1
Opened: Aug 17, 2016
AFM NAT does not support proxy ARP for source translation addresses that are in the same subnet as the egress interface.
Since AFM NAT does not respond to ARP requests for the translated IP Address in the directly connected topology, the return traffic does not reach the BIG-IP system.
- AFM NAT source translation is being used. - The source translation IP address is in the same subnet as the egress interface (self IP address).
You can use either of the following workarounds: -- Use static ARP configuration for the AFM NAT source translated addresses (in same subnet as egress interface) on the downstream device. -- Use the routing topology instead (so that NAT Address is not in the same subnet as the egress interface).
This is now fixed by allowing a configuration option per AFM NAT Source translation object that can be enabled to allow AFM NAT to respond to ARP requests for these addresses. By default, it is disabled.