I have an odd NAT problem. It is occurring on a subnet that has VoIP ATAs; the traffic is being routed through an L2TP tunnel to my voice servers. I have similar setups that have never had this problem.
What is happening is that when the ATA first connects it registers correctly, and the screen in IP > Firewall > Connections looks correct, like in the attachment, but after some time the reply dst address changes to the client's public IP, and then the ATAs become unregistered. I am able to fix this by selecting the bad connections and clicking the minus sign. The next time the ATA re-registers (1 min) the reply dst address is correct. I have tried adding additional masquerade rules, enabling and disabling the SIP helper, and made sure the NAT setting in Asterisk was set to yes for the line (although that usually just creates one-way audio if set incorrectly).
ATA 10.10.100.222
Client MT 10.10.100.1
Client MT VPN IP (assigned in secrets of CORE) 10.10.0.227
Client MT Public IP (fake) 4.2.2.2
Relevant NAT rules; rule number 3 was added to try to force the correct reply dst result:
3 chain=srcnat action=masquerade src-address=10.10.100.0/24 dst-address=10.10.30.0/24 out-interface=l2tp-out1
4 chain=srcnat action=masquerade src-address=10.10.100.0
Relevant routes in the client device:
2 ADC 10.10.0.1/32 10.10.0.227 l2tp-out1 0
3 A S 10.10.30.0/24 10.10.0.1 1
4 ADC 10.10.100.0/24 10.10.100.1 phone bridge 0
Core MT Public IP (fake) 8.8.8.
Core MT VPN Local IP 10.10.0.1
Core MT Inside IP 10.10.30.1
Voice server: 10.10.30.144