USG5310: web/Telnet management of the device from the external network fails

Publication Date: 2012-11-15
Issue Description
The customer reported that managing the device through web/Telnet from the internal network works without any problems, but from the external network only a ping to the device's public IP address succeeds; web/Telnet management fails.
Alarm Information
None.
Handling Process
Checking the configuration showed that packet filtering was permitted in all directions and that the related management services were enabled. The cause was finally found: the customer had configured a full mapping, which mapped the egress public IP address to an internal server. After it was changed to a detailed port mapping, the problem was solved.
sysname USG5310
#
web-manager enable
web-manager security enable
#
firewall packet-filter default permit interzone local trust direction inbound
firewall packet-filter default permit interzone local trust direction outbound
firewall packet-filter default permit interzone local untrust direction inbound
firewall packet-filter default permit interzone local untrust direction outbound
firewall packet-filter default permit interzone trust untrust direction inbound
firewall packet-filter default permit interzone trust untrust direction outbound
#
nat address-group 1 222.240.205.42 222.240.205.45
nat server 0 global 222.240.205.42 inside 192.168.1.242
#
firewall statistic system enable
#
interface GigabitEthernet0/0/0
 ip address 192.168.1.1 255.255.255.0
 ip address 192.168.2.1 255.255.255.0 sub
#
interface GigabitEthernet0/0/2
 ip address 222.240.205.42 255.255.255.248
#
firewall zone trust
 set priority 85
 add interface GigabitEthernet0/0/0
 add interface GigabitEthernet0/0/1
#
firewall zone untrust
 set priority 5
 add interface GigabitEthernet0/0/2
 add interface GigabitEthernet0/0/3
#
policy interzone trust untrust outbound
 policy 1
  action permit
  policy source 192.168.0.0 mask 16
#
nat-policy interzone trust untrust outbound
 policy 1
  action source-nat
  policy source 192.168.0.0 mask 16
  address-group 1
#
aaa
 local-user tanweilie password cipher D="QLID+9W_,UMD0PV(YO1!!
 local-user tanweilie service-type web telnet
 local-user tanweilie level 3
#
ip route-static 0.0.0.0 0.0.0.0 222.240.205.41
#
user-interface con 0
user-interface vty 0 4
 authentication-mode aaa
#
return
Root Cause
It was suspected that packet filtering was not opened, that the port was occupied, or that the configuration was incomplete.
Suggestions
When configuring “NAT server”, it is better to use a detailed port mapping. Otherwise, traffic originally destined for the device's public IP address has its destination changed to the internal server's private IP address, which causes unnecessary trouble.
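The check below is an added example, not part of the original case and not Huawei tooling: it scans a saved configuration for `nat server` entries without a `protocol` keyword (a full mapping) whose global address is also configured on one of the firewall's own interfaces, which is the condition that broke management here. The sample configuration is constructed from the one above, and the port-specific line in it (`protocol tcp ... www`) is an assumed form of the fix.

```python
import re

# Constructed sample, reduced from the configuration on this page. The second
# "nat server" line is an assumed port-specific mapping (tcp/www is an assumption).
SAMPLE_CONFIG = """\
nat server 0 global 222.240.205.42 inside 192.168.1.242
nat server 1 protocol tcp global 222.240.205.42 www inside 192.168.1.242 www
#
interface GigabitEthernet0/0/0
 ip address 192.168.1.1 255.255.255.0
 ip address 192.168.2.1 255.255.255.0 sub
#
interface GigabitEthernet0/0/2
 ip address 222.240.205.42 255.255.255.248
"""

IPV4 = r"\d+(?:\.\d+){3}"
IFACE_RE = re.compile(r"^interface\s+(\S+)")
ADDR_RE = re.compile(rf"^ip address\s+({IPV4})\s")
# Optional entry id, optional "protocol <name>", then the global address.
NAT_RE = re.compile(rf"^nat server(?:\s+\d+)?(\s+protocol\s+\S+)?\s+global\s+({IPV4})\b")


def interface_addresses(config):
    """Map every IP address configured on an interface to the interface name."""
    owners, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()          # extracted configs often lose indentation
        if line == "#":             # "#" closes the current configuration view
            current = None
        elif (m := IFACE_RE.match(line)):
            current = m.group(1)
        elif current and (m := ADDR_RE.match(line)):
            owners[m.group(1)] = current
    return owners


def shadowed_management_ips(config):
    """Return (nat line, interface) for full mappings of the firewall's own IPs."""
    owners = interface_addresses(config)
    findings = []
    for raw in config.splitlines():
        m = NAT_RE.match(raw.strip())
        # No "protocol" keyword means every port on the global IP is forwarded
        # inside, so web/Telnet sessions to the firewall itself never reach it.
        if m and m.group(1) is None and m.group(2) in owners:
            findings.append((raw.strip(), owners[m.group(2)]))
    return findings
```

Calling `shadowed_management_ips()` on the text of a saved configuration returns one tuple per offending entry; an empty list means no full mapping targets an interface address.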
