A customer uses the USG2250 as the enterprise egress device. An internal server is published to the public network by way of NAT Server. Intranet users cannot access the internal server through its public IP address, whereas extranet users can access it normally.
Check the configuration. The ACL rule is enabled. The NAT server is not correctly configured.
The address is published with the nat server zone untrust command. After the NAT server configuration is modified, intranet users can access the server through the NAT address.
The original configuration is as follows:
nat server zone untrust protocol tcp global 202.XXXX.XXX.XXX www inside 192.168.1.1 www
Modify the original configuration to the following:
nat server protocol tcp global 202.XXXX.XXX.XXX www inside 192.168.1.1 www
The problem is solved.
1. The ACL is not correctly configured. The address defined by the ACL is not matched.
2. The NAT server is not correctly configured.
3. The intrazone NAT policy is not configured.
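The check below is an added example, not part of the original case or any Huawei tooling: it scans a saved configuration for nat server entries bound to a zone, the condition corrected in this case. It assumes only the two command forms shown above, that a zone-bound mapping applies only to traffic arriving from that zone (as the fix implies), and that intranet users sit in a zone named trust; the sample addresses are constructed.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Matches only the two command forms shown in this case:
#   nat server [zone <zone>] protocol <proto> global <ip> <port> inside <ip> <port>
NAT_SERVER_RE = re.compile(
    r"^\s*nat server"
    r"(?:\s+zone\s+(?P<zone>\S+))?"
    r"\s+protocol\s+(?P<proto>\S+)"
    r"\s+global\s+(?P<global_ip>\S+)\s+(?P<global_port>\S+)"
    r"\s+inside\s+(?P<inside_ip>\S+)\s+(?P<inside_port>\S+)\s*$",
    re.IGNORECASE,
)

@dataclass
class NatServer:
    line_no: int
    zone: Optional[str]   # None when the mapping is not bound to a zone
    proto: str
    global_ip: str
    global_port: str
    inside_ip: str
    inside_port: str

def parse_nat_servers(config_text: str) -> List[NatServer]:
    """Return every nat server entry found in the configuration text."""
    entries = []
    for line_no, line in enumerate(config_text.splitlines(), start=1):
        m = NAT_SERVER_RE.match(line)
        if m:
            entries.append(NatServer(line_no=line_no, **m.groupdict()))
    return entries

def unreachable_from(entries: List[NatServer], client_zone: str) -> List[NatServer]:
    """Mappings bound to a zone other than the one the clients are in."""
    return [e for e in entries if e.zone and e.zone.lower() != client_zone.lower()]

# Constructed sample configuration (documentation addresses, not from the case).
SAMPLE_CONFIG = """\
#
nat server zone untrust protocol tcp global 203.0.113.10 www inside 192.168.1.1 www
nat server protocol tcp global 203.0.113.11 www inside 192.168.1.2 www
#
"""

if __name__ == "__main__":
    for e in unreachable_from(parse_nat_servers(SAMPLE_CONFIG), "trust"):
        print(f"line {e.line_no}: {e.global_ip} {e.global_port} is bound to zone {e.zone}")
```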