No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

AR Router Troubleshooting Guide

This Product Documentation provides guidance for maintaining AR Enterprise Router, covering common information collection and fault diagnostic commands, typical fault troubleshooting guide, and troubleshooting.
Rate and give feedback :
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
External Network Users Cannot Access Internal Servers After the NAT Server Is Configured

External Network Users Cannot Access Internal Servers After the NAT Server Is Configured

This section provides a case that external network users cannot access internal servers after the NAT server is configured.

Networking

Fault Symptom

  • The internal servers are required to provide Telnet and web services to external network users. The configuration is as follows:
    interface GigabitEthernet0/0/1 
     ip address 202.1.1.1 255.255.255.0
     nat server protocol tcp global current-interface telnet inside 1.1.1.1 telnet
     nat server protocol tcp global current-interface www inside 1.1.1.1 www
  • After the NAT server is configured, public network users cannot use Telnet to access the AR through the public network address 202.1.1.1:23 or use the web mode to access the AR through the public network address 202.1.1.1:80.

Fault Analysis

The configuration shows that well-known port numbers are used to provide services for external network users. The NAT server is unavailable because the carrier has disabled the two well-known port numbers on the Internet. Change the external port numbers to non-well-known port numbers as follows:

interface GigabitEthernet0/0/1
 ip address 202.1.1.1 255.255.255.0
 nat server protocol tcp global current-interface 1334 inside 1.1.1.1 telnet
 nat server protocol tcp global current-interface 1335 inside 1.1.1.1 www

Suggestion

  • When you configure the specified external port numbers of the NAT server, if the carrier has disabled the port numbers, the NAT server is unavailable. Therefore, you are advised to use non-well-known port numbers as external port numbers when you configure the NAT server.
  • The troubleshooting procedure for a failure to make the NAT server function take effect is as follows:

    Use the display nat session all command to check whether NAT entries exist.

    • If no entry is found, check whether the mapped public IP addresses can be used and the external port numbers are disabled.
    • If entries are found, check whether there are error statistics and obtain packets on interfaces and analyze them.
Translation
Download
Updated: 2019-05-10

Document ID: EDOC1000079719

Views: 444765

Downloads: 4299

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next