Found an issue in 6.0 on a CCR where we had a SrcNat below a masquerade rule. It wasn’t getting hits which is because it was below. I moved it up for the customer into position 0 and it still was not getting hits. Actually required a reboot of the router to take effect. Just a small bug but caused us an unbelievable amount of headache.
It is not a bug. NAT rule catches only first packet of the connection. If connection is already established, then it will not be nated. You must clear connection table, reboot also helps.
Thanks! That is good to know.