Intranet users cannot access the extranet normally because of a NAT configuration fault

Publication Date: 2012-09-24
Issue Description
Users access the Internet over two lines (two carrier uplinks). There are two intranets, as shown in Figure 1.

After the configuration was finished, intranet 1 could access the Internet, but intranet 2 could not: access was slow and web pages would not open.
Alarm Information
none
Handling Process
The NAT policy is applied in the interzone between the users in trust and Unicom. Policy 0 is the Telecom NAT. Traffic from intranet 2 matches policy 0 first, is translated to the public IP address of the Telecom interface, and leaves over the Unicom link. It can reach the target, but the return traffic comes back over the Telecom link. Because the outbound and return paths belong to different carriers, access is slow and web pages usually cannot be opened.
Delete the Telecom NAT policy and access returns to normal. The configuration is as follows:

nat address-group 1 1.1.1.1 1.1.1.1    // telecom address pool
nat address-group 2 2.2.2.2 2.2.2.2    // unicom address pool
nat-policy interzone trust liantong outbound    // Unicom interzone
 policy 1
  action source-nat
  policy source 192.168.2.0 0.0.0.255
  policy source 192.168.1.0 0.0.0.255
  address-group 2    // unicom address pool

Root Cause
1. Check the routing configuration: normal
2. Check the Unicom link: normal
3. Check the packet filter: normal
4. Check the NAT configuration: abnormal
nat address-group 1 1.1.1.1 1.1.1.1    // telecom address pool
nat address-group 2 2.2.2.2 2.2.2.2    // unicom address pool
nat-policy interzone trust liantong outbound    // Unicom interzone
 policy 0
  action source-nat
  policy source 192.168.1.0 0.0.0.255
  policy source 192.168.2.0 0.0.0.255
  address-group 1    // telecom address pool

 policy 1
  action source-nat
  policy source 192.168.2.0 0.0.0.255
  policy source 192.168.1.0 0.0.0.255
  address-group 2    // unicom address pool
Suggestions
In a multi-egress (multi-line) environment, the NAT address pool used in each interzone can only contain the public IP address of that interzone's own egress interface.
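
The first-match behaviour from the Root Cause section and the suggestion above can be checked offline before a configuration is pushed. The following Python sketch is an added example, not part of the original case or any Huawei tool; it parses the nat-policy stanza as printed on this page (input constructed from the Root Cause section) and assumes that policies are evaluated in listed order and that address-group 2 is the pool belonging to the trust-liantong interzone.

```python
import ipaddress
import re

# Constructed input: the faulty nat-policy from the Root Cause section.
FAULTY = """
nat-policy interzone trust liantong outbound
 policy 0
  action source-nat
  policy source 192.168.1.0 0.0.0.255
  policy source 192.168.2.0 0.0.0.255
  address-group 1
 policy 1
  action source-nat
  policy source 192.168.2.0 0.0.0.255
  policy source 192.168.1.0 0.0.0.255
  address-group 2
"""

def parse_policies(text):
    """Return [(policy_id, [source networks], address_group)] in config order."""
    policies = []
    for line in map(str.strip, text.splitlines()):
        if m := re.fullmatch(r"policy (\d+)", line):
            policies.append([int(m[1]), [], None])
        elif m := re.fullmatch(r"policy source (\S+) (\S+)", line):
            # ip_network accepts the wildcard (host mask) form net/0.0.0.255
            policies[-1][1].append(ipaddress.ip_network(f"{m[1]}/{m[2]}"))
        elif m := re.fullmatch(r"address-group (\d+)", line):
            policies[-1][2] = int(m[1])
    return [tuple(p) for p in policies]

def selected_group(policies, src_ip):
    """First-match lookup in listed order (assumed; the page says policy 0 wins)."""
    ip = ipaddress.ip_address(src_ip)
    for pid, sources, group in policies:
        if any(ip in net for net in sources):
            return pid, group
    return None

def audit(policies, expected_group):
    """Flag pools foreign to this interzone and policies that can never match."""
    findings, seen = [], []
    for pid, sources, group in policies:
        if group != expected_group:
            findings.append((pid, "wrong-pool"))
        if sources and all(any(n.subnet_of(s) for s in seen) for n in sources):
            findings.append((pid, "shadowed"))
        seen.extend(sources)
    return findings
```

Calling `audit(parse_policies(FAULTY), expected_group=2)` reports policy 0 as using the wrong pool and policy 1 as shadowed; with policy 0 removed, as in the Handling Process, the finding list is empty.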
