Resolve the visit fault of NAT in the USG2250 region

Publication Date:  2012-09-12 Views:  280 Downloads:  0
Issue Description
A client bought a USG2250 as the way out of the company. Internal Server connects the public network by NAT SERVER. The client internal can’t visit the internal server by the IP Address of public network; public network can visit the server normally.
Alarm Information
Handling Process
Found out the problem is in the configuration of the NAT SEVER
The mode of the definition of IP Address that the client used is the nat server zone untrusts, change the mode to the nat server, the problem will be solved.
The configuration originally:
nat server zone untrust protocol tcp global 202.XXXX.XXX.XXX www inside www
Modifier it as:
nat server protocol tcp global 202.XXXX.XXX.XXX www inside www
Root Cause
1 Configuration of ACL is not right, not matching the IP Address of ACL.
2 Configuration of NAT SERVER is wrong.
3 Missing the NAT policy