Can the Interface IP Address Be Used for NAT Server or NAT Outbound?
1. When the global IP address of NAT Server uses the interface IP address and the packet accesses the firewall, the firewall translates the destination IP address of the packet first. The IP addresses of packets accessing the interface are always replaced with the inside IP address of NAT Server. As a result, access to the interface fails and anomalies occur in ping probe, Web-based management, and Telnet-based management over this interface. Therefore, do not use the interface IP address as the global IP address of NAT Server. Instead, you can use protocol-based NAT Server in the case that protocols do not conflict with each other.
2. When the interface IP address is used for NAT outbound and a packet proactively accesses the interface IP address, this packet goes through the first-packet procedure and can normally access the interface, without being affected by NAT outbound configurations.