No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

NAT server is not reachable using the port 80 from Internet

Publication Date:  2017-10-14 Views:  425 Downloads:  0
Issue Description

Provide fault symptom: Nat server configured using the port 80,  but is not reachable from Internet, this configuration was set on web.

Version information: V500R001C30SPC100

Network topology: 

Topology:

     TestPC(access http-server from Internet ) -----> (Untrust, G1/0/0, 200.93.198.170) USG (DMZ, G1/0/4, 192.168.40.1) -----> (192.168.40.120) Http Server


Nat server script information:

#

nat server eCommerceDemo 5 protocol tcp global 187.189.219.114 www inside 192.168.135.45 www no-reverse

nat server eCommerceDemoSSL 6 protocol tcp global 187.189.219.114 443 inside 192.168.135.45 443 no-reverse

nat server LyricVoipServerMapping 0 protocol tcp global 187.189.219.114 8091 inside 192.168.135.14 www no-reverse

#

Alarm Information

when access the http server, redirect to the USG webpage.



Handling Process

1.- Validate the session table if the traffic is going from untrust zone to trust zone.

display firewall session table verbose destination inside (IP address)

2.- Vaidate if the server was configured correct with the next command:

display nat server

   - In the server configuration could be displayed the IP of the server and the public IP, with the port 80



Solution

If you want to reach the server from internet using the port http (80), you could do the next changes on the configuration, in this case is very important to add the zone.

1.- Current onfiguration:

nat server Serverweb 0 protocol tcp global "public IP" www inside "internal IP" www no-reverse

2.- Need to add the zone untrust in the nat server configuration

nat server Serverweb 0 zone untrust protocol tcp globaln ''public IP'' www inside ''internal IP' www no-reverse

END