Today I was trying to reclaim 10 IPs from a vSE in vCloud. The IPs were part of a sub-allocate IP pool and had a destination and source NAT. I deleted the DNAT/SNAT by highlighting them as a group and pressing delete. This worked OK, but as soon as I tried to remove the IPs from the sub-allocate IP pool, I received the error:
I verified that the IPs were no longer in use anywhere in vCloud or on the vSE VM itself. I then tried re-deploying the vSE service configuration and re-deploying the vSE, but neither of these resolved the issue. I then re-added the DNAT for the first IP in the range I was trying to delete. Once the vSE was updated with the new DNAT, I immediately deleted it. Now when I tried to delete the sub-allocate IP pool, I received the same error but for the next IP in the range. I then went through the same process for each of the remaining IPs and the issue was resolved.
I was able to reproduce the issue in another environment as well. It seems like it’s an issue with multi-select and deleting NAT rules. It’s like they disappear from the UI, but are still present somewhere else. Deleting NAT rules one at a time did not cause an issue. This was with vCloud 5.1.2 and vShield 5.1.2a.
I’ve noticed the same thing, seems vCloud doesn’t flush the IP table correctly. A quick DB fix in the link.