When configuring the NAT server, the firewall displays “the address collision with the destination address based on policy”

Publication Date: 2012-09-20
Issue Description
When the client configures a NAT server on a USG5320 V100R005 firewall to publish an internal server, the firewall warns “Global IP conflicts with destination nat, please use another one!” and the NAT server mapping cannot be configured.
Alarm Information
none
Handling Process
A check of the customer's configuration shows that the destination NAT function is configured in the untrust zone. As a result, the NAT server cannot be configured and the server cannot be published.
The client’s key configuration:
sysname USG5320
#
acl number 3001
 rule 0 permit ip
web-manager enable
web-manager security enable
#
firewall packet-filter default permit interzone local trust direction inbound
firewall packet-filter default permit interzone local trust direction outbound
firewall packet-filter default permit interzone local untrust direction inbound
firewall packet-filter default permit interzone local untrust direction outbound
firewall packet-filter default permit interzone trust untrust direction inbound
firewall packet-filter default permit interzone trust untrust direction outbound
#
nat address-group 1 175.19.30.38 175.19.30.38
nat server 0 protocol tcp global 175.19.30.38 444 inside 192.168.1.3 443
#
firewall statistic system enable
#
interface GigabitEthernet0/0/0
 ip address 192.168.0.1 255.255.255.0
#
interface GigabitEthernet0/0/1
 description ToHuLianWang
 ip address 1.1.1.1 255.255.255.252
#
interface GigabitEthernet0/0/2
 description ToNeiWang
 ip address 192.168.1.1 255.255.255.224
#
interface GigabitEthernet0/0/3
#
interface NULL0
#
firewall zone local
 set priority 100
#
firewall zone trust
 set priority 85
 add interface GigabitEthernet0/0/0
 add interface GigabitEthernet0/0/2
#
firewall zone untrust
 set priority 5
 add interface GigabitEthernet0/0/1
 destination-nat 3001 address 175.19.30.38          // configuration succeeds after this command is deleted
#
firewall zone dmz
 set priority 50
#
firewall zone vzone
 set priority 0
#
policy interzone trust untrust outbound
 policy 0
  action permit
#
nat-policy interzone trust untrust outbound
 policy 1
  action source-nat
  address-group 1
#
aaa
 local-user tqjl password cipher DT`;%52!-G(X!X<]K3BK;Q!!
 local-user tqjl service-type telnet
 local-user tqjl level 3
 local-user tgjl password simple Paerioer1
 authentication-scheme default
#
ip route-static 0.0.0.0 0.0.0.0 1.1.1.2
Root Cause
A check of the client's USG5320 configuration shows that the destination NAT function is configured in the untrust zone. As a result, when a NAT server is configured to publish a server with the same public IP address, the firewall reports “the global ip address is collision with the IP destination address be base on policy”.
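The following Python check is an added example, not part of the original case and not a Huawei tool. It scans a saved configuration for a nat server global address that is also used by a destination-nat command inside a firewall zone, which is the overlap this case describes; the sample configuration is constructed from the lines shown above, and treating an exact IP match as the conflict condition is an assumption drawn from this case.

```python
import re

# Constructed sample, modelled on the configuration lines in this case.
SAMPLE_CONFIG = """\
#
nat server 0 protocol tcp global 175.19.30.38 444 inside 192.168.1.3 443
#
firewall zone trust
 set priority 85
#
firewall zone untrust
 set priority 5
 add interface GigabitEthernet0/0/1
 destination-nat 3001 address 175.19.30.38
#
"""

IPV4 = r"(\d+\.\d+\.\d+\.\d+)"
NAT_SERVER = re.compile(r"^nat server (\d+) .*\bglobal " + IPV4)
ZONE = re.compile(r"^firewall zone (\S+)$")
DEST_NAT = re.compile(r"^destination-nat (\d+) address " + IPV4)


def find_conflicts(config_text):
    """Return (nat_server_id, global_ip, zone, acl) for each overlap found."""
    servers, dest_nats, zone = [], [], None
    for raw in config_text.splitlines():
        line = raw.split("//")[0].strip()   # drop trailing annotations
        if line.startswith("#"):            # '#' closes the current view
            zone = None
            line = line.lstrip("#").strip() # tolerate '#' fused to a command
        if m := ZONE.match(line):
            zone = m.group(1)
        elif m := NAT_SERVER.match(line):
            servers.append((int(m.group(1)), m.group(2)))
        elif (m := DEST_NAT.match(line)) and zone:
            dest_nats.append((zone, int(m.group(1)), m.group(2)))
    # Assumption: a conflict is an exact match between the two addresses.
    return [(sid, gip, z, acl)
            for sid, gip in servers
            for z, acl, addr in dest_nats if addr == gip]


if __name__ == "__main__":
    for sid, gip, z, acl in find_conflicts(SAMPLE_CONFIG):
        print(f"nat server {sid}: global {gip} is also used by "
              f"destination-nat (acl {acl}) in zone {z}")
```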
Suggestions
none
