No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search


To have a better experience, please upgrade your IE browser.


How to Troubleshoot the Failure of Intrazone NAT Access on the USG2250

Publication Date:  2012-07-25 Views:  2 Downloads:  0

Issue Description

A customer uses the USG2250 as the enterprise egress device. The internal server releases the server on the public network by way of NAT Server. Intranet users cannot access the internal server through the public IP address of the server, whereas extranet users can normally access the server.

Alarm Information


Handling Process

Check the configuration. The ACL rule is enabled. The NAT server is not correctly configured.
Run the NAT server zone untrust command to release the address. The access to the intranet NAT is possible after the NAT server is modified.
The original configuration is as follows:
 nat server  zone  untrust protocol  tcp global  202.XXXX.XXX.XXX  www inside www
Modify the original configuration to the following:
 nat server protocol tcp global 202.XXXX.XXX.XXX   www inside www
The problem is solved.

Root Cause

1. The ACL is not correctly configured. The address defined by the ACL is not matched.
2. The NAT server is not correctly configured.
3. The intrazone NAT policy is not configured.