Internal users can't access Internal Server based on Public IP address

Publication Date: 2017-08-14
Issue Description

Product: USG6300 

Software version: V100R001C30

Problem: Internal users can't access the internal server by its public IP address, but external users can access it normally.

Network Topology:  


Alarm Information

The internal server "Web Server" can't be reached by its public IP address or URL; the screen below is shown when trying to access it:


Handling Process

1. The customer is trying to access the internal server "Web Server" using its public IP address rather than its private IP address, although the server and the client are on the same subnet.

2. Traffic coming from outside the network ("external users") can access the internal server normally through the configured server mapping, which translates the public IP address of the server to its private IP address.

3. Traffic captured from the internal user's PC to the server shows that traffic coming from inside the network ("internal users") can't reach the internal server "Web Server" by its public IP address, because the public address is not known there and the traffic needs to be translated as follows:

   a. The destination IP address of the internal user's request packet needs to be translated into the intranet IP address of the internal server "Web Server".

   b. The source address needs to be translated into a public IP address.

   c. The source address of the response packet sent by the internal server "Web Server" needs to be translated into a public IP address.

   d. The destination IP address needs to be translated into the user's intranet IP address.

Root Cause
Internal users can't reach the public IP address of the internal server "Web Server" because no Source NAT is configured to translate the destination IP address of the internal user's request packet into the intranet IP address of the internal server "Web Server" and the source address into a public IP address, with the corresponding translations on the reverse path.
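The four translations (a to d) and the effect of the missing Source NAT can be traced with a small model. This is an added example, not part of the original case or Huawei's code; all addresses are constructed, and it assumes the server's default gateway is the firewall and that the client only accepts replies from the address it connected to.

```python
from ipaddress import ip_address, ip_network

# Constructed addresses (assumptions, not taken from the original case).
LAN = ip_network("192.168.1.0/24")
CLIENT = ip_address("192.168.1.20")
SERVER_PRIV = ip_address("192.168.1.10")
SERVER_PUB = ip_address("203.0.113.10")  # global address of the server mapping
NAT_SRC = ip_address("203.0.113.1")      # address used by the source NAT policy

class Firewall:
    def __init__(self, source_nat):
        self.source_nat = source_nat
        self.sessions = {}  # (translated src, translated dst) -> original (src, dst)

    def forward(self, src, dst):
        """Request path: translations a and b."""
        new_dst = SERVER_PRIV if dst == SERVER_PUB else dst           # a. server mapping
        new_src = NAT_SRC if self.source_nat and src in LAN else src  # b. source NAT
        self.sessions[(new_src, new_dst)] = (src, dst)
        return new_src, new_dst

    def reverse(self, src, dst):
        """Response path: translations c and d, taken from the session entry."""
        orig_src, orig_dst = self.sessions[(dst, src)]
        return orig_dst, orig_src

def hairpin(source_nat):
    """Return (src, dst) of the reply as it arrives at the internal client."""
    fw = Firewall(source_nat)
    req_src, req_dst = fw.forward(CLIENT, SERVER_PUB)
    reply_src, reply_dst = req_dst, req_src  # server answers the packet it received
    if reply_dst in LAN:
        # Same subnet as the server: the reply is delivered directly and never
        # crosses the firewall, so translations c and d are not applied.
        return reply_src, reply_dst
    return fw.reverse(reply_src, reply_dst)

def client_accepts(reply):
    # The client connected to SERVER_PUB; a reply from any other source
    # address matches no open connection and is discarded.
    return reply == (SERVER_PUB, CLIENT)

if __name__ == "__main__":
    for enabled in (False, True):
        src, dst = hairpin(enabled)
        print(f"source NAT={enabled}: reply {src} -> {dst}, "
              f"accepted={client_accepts((src, dst))}")
```
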
Solution

1. Configure Server Mapping to allow external users to access the internal server "Web Server" as below:



2. Configure a Source NAT policy from the trust zone to the trust zone in order to allow internal users to access the internal server "Web Server" based on the server’s public IP address as below:



3. The source address group "Internal" contains the required internal subnets permitted to access the internal server "Web Server" based on its public IP address as below:


END