Connections Timed Out Due to Incorrect NAT Server Configuration

Publication Date: 2015-07-02
Issue Description
Network Topology:

Database service


NAT Server was configured on the firewall, but connections from the client to the database server timed out.
Handling Process
Modify the NAT server configuration so that NAT can be implemented for all servers. 
Root Cause
1. The IP address of the client used in the test was and that of the server was The ping from the client to the server succeeded, indicating that the address translation on the firewall and connectivity were normal.

2. The timed-out packets were analyzed and it was found that the TCP connection between the client and server was normal. The server instructed the client to connect to port 1521 of the server at

However, the attempts to connect to port 1521 at failed multiple times. The client sent SYN packets, but the server did not reply. 

The NAT configuration on the firewall was examined and it was found that NAT server applied only to the connection between and and did not apply to the connection to As a result, the communication failed.

nat server zone untrust global inside

The users needed to communicate with multiple servers, but NAT server was not configured for all servers, causing the failure of the communication between the users and some servers.
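One way to catch this gap before users do is to compare the firewall's NAT server entries against the list of database servers that clients can be redirected to. The script below is an added example, not part of the original case. It assumes each mapping is written on one line in the form of the command shown above with both addresses present, and every address and name in it is constructed for illustration.

```python
import ipaddress
import re

# Assumed one-line form, following the command quoted in this case:
#   nat server zone <zone> global <global-ip> inside <inside-ip>
NAT_SERVER_RE = re.compile(r"^\s*nat server zone (\S+) global (\S+) inside (\S+)\s*$")


def parse_nat_servers(config_text):
    """Return (zone, global_ip, inside_ip) for every nat server line found."""
    mappings = []
    for line in config_text.splitlines():
        match = NAT_SERVER_RE.match(line)
        if not match:
            continue  # not a nat server line in the assumed form
        zone, global_ip, inside_ip = match.groups()
        # ip_address() raises ValueError on a malformed address.
        mappings.append((zone,
                         ipaddress.ip_address(global_ip),
                         ipaddress.ip_address(inside_ip)))
    return mappings


def unmapped_servers(config_text, required_inside, zone="untrust"):
    """Return the required inside servers that have no nat server entry in zone."""
    mapped = {inside for z, _, inside in parse_nat_servers(config_text) if z == zone}
    required = {ipaddress.ip_address(ip) for ip in required_inside}
    return [str(ip) for ip in sorted(required - mapped)]


# Constructed sample: only the first database server has a mapping, so a
# redirect to the second server on port 1521 has no translation to use.
SAMPLE_CONFIG = """\
sysname FW-EXAMPLE
nat server zone untrust global 203.0.113.10 inside 10.1.1.10
"""
DB_SERVERS = ["10.1.1.10", "10.1.1.11"]  # constructed server list

if __name__ == "__main__":
    for ip in unmapped_servers(SAMPLE_CONFIG, DB_SERVERS):
        print(f"no nat server entry for {ip}")
```

A successful ping or initial connection to one server says nothing about the others, so the check has to cover every address the service can hand back to the client.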