NAT server reverse session and inconsistent return path cause service failure

Publication Date: 2012-09-22
Issue Description
USG3040: public network egress. It publishes the server on a public address and is configured with a default route and a return route to VLAN 2.
Cisco1841: configured with a default route to another network and a return route to VLAN 2.
Cisco3750: divided into VLAN 1 (port 4) and VLAN 2 (ports 1, 2 and 3), each with its own VLAN address. The addresses on the links from ports 1 and 2 to the USG3040 and the Cisco1841 are in the same network as VLAN 2. A default route to the ADSL egress is configured.
PC: on a different network from the server; its gateway is the VLAN 1 address.
Server: its gateway is either the USG3040 or the Cisco1841.
Fault: if the server's gateway is the Cisco1841, the PC can access the server through both the public network and the private network. If the server's gateway is the USG3040, the PC can access the server only through the public network.
Handling Process
1. The PC can access the server through the public network. That traffic appears to reach the USG3040 through the ADSL line and does not involve NAT.
2. The PC cannot access the server through the intranet, probably because the send and return paths are inconsistent. After state detection is disabled on the USG3040, the PC can ping the intranet address, but the reply address is the public address of the USG3040.
3. The Cisco1841 has the same networking and configuration as the USG3040, yet access fails only when the gateway is the USG3040. The Cisco1841 has no address mapping configured for the server, whereas the USG3040 does, and the global address used in that mapping is the reply address the PC sees when it pings the intranet address.

4. According to the NAT server packet forwarding flow, when the PC pings the server's private address, the reply matches the reverse session of the NAT server, so it is sent back with the mapped global address. ICMP messages still get through, but other TCP-based services cannot be accessed because the reply address has been changed.
5. Recommending a configuration change on the Cisco3750 would require a lot of justification, and the user does not accept pointing every gateway to the Cisco1841. Based on the packet flow, configure a route on the server. This restores interworking with the least change, and the USG3040 does not need session state inspection disabled.
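
The packet flow in steps 2 to 5, modelled as an added example (not part of the original case and not vendor code). All addresses are constructed, and the static route used for step 5 (the PC's network via the Cisco3750 VLAN 2 address) is an assumed reading of "configure a route on the server".

```python
import ipaddress
from collections import namedtuple

Packet = namedtuple("Packet", "proto src dst")

# Constructed addresses (not from the case): PC in VLAN 1, the rest in VLAN 2.
PC, SERVER, GLOBAL = "192.168.1.10", "192.168.2.10", "203.0.113.10"
USG, C1841, SW3750 = "192.168.2.1", "192.168.2.2", "192.168.2.254"
NAT_SERVER = {SERVER: GLOBAL}  # inside -> global mapping, present only on the USG

def server_next_hop(dst, routes, default_gw):
    """Longest-prefix match over the server's static routes, else its gateway."""
    hits = [(ipaddress.ip_network(n), hop) for n, hop in routes.items()
            if ipaddress.ip_address(dst) in ipaddress.ip_network(n)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else default_gw

def usg_forward(pkt):
    """Step 4, with state detection disabled as in step 2: a packet sourced from
    the inside address matches the reverse entry and leaves with the global source."""
    return pkt._replace(src=NAT_SERVER.get(pkt.src, pkt.src))

def reply_seen_by_pc(proto, routes, default_gw):
    # The request goes PC -> Cisco3750 -> server directly, never through the USG.
    request = Packet(proto, PC, SERVER)
    reply = Packet(proto, request.dst, request.src)
    hop = server_next_hop(reply.dst, routes, default_gw)
    return usg_forward(reply) if hop == USG else reply

def pc_accepts(proto, reply):
    """Ping reports a reply from any source (as the case observed); a TCP client
    only accepts segments whose source is the address it connected to."""
    return proto == "icmp" or reply.src == SERVER

def outcome(routes, default_gw):
    return {p: pc_accepts(p, reply_seen_by_pc(p, routes, default_gw))
            for p in ("icmp", "tcp")}

if __name__ == "__main__":
    print("gateway USG3040:       ", outcome({}, USG))
    print("gateway Cisco1841:     ", outcome({}, C1841))
    # Assumed reading of step 5: static route on the server for the PC network.
    print("USG3040 + static route:", outcome({"192.168.1.0/24": SW3750}, USG))
```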
Root Cause
1. Incorrect networking
2. Route configuration problem
3. Packet forwarding problem on the USG3040