Policy compiler stops processing rules with error message "Cannot create virtual address NN.NN.NN.NN"
This happens when you are using an option "Create virtual addresses for NAT rules". The problem is that policy compiler needs to be able to determine interface of the firewall to assign virtual address to. In order to do that it scans all interfaces trying to find subnet requested NAT address is on. Sometimes the firewall's interface has an address which belongs to a different network than the NAT address specified in the rule; in this case, the compiler cannot identify an interface and aborts.
The NAT rule still can be built without "-i" or "-o" option, but automatic assignment of virtual address is impossible. You need to turn off option "Create virtual addresses for NAT rules" in the tab "Firewall" of firewall dialog and configure this address manually.
Copyright © 2000-2012 NetCitadel, Inc. All rights reserved.
Using free CSS Templates.