The client used the USG5350 V1R3, and accessed the double-port: GigabitEthernet0/0/0：X.X.204.177/24, passed the tunnel 1. The IP of GigabitEthernet0/0/1 is X.X.38.82/24,and passed the tunnel 2. There is a vender switch 9306 accessed at the below, several network segments are in the access layer. There are two servers connected directly with the core switch, and their IP are 220.127.116.11/24 and 18.104.22.168/24 respectively.
The topology and configuraton is attached in the accessories.
The client wanted to configure the Domain NAT and let the internal network users to access the internal server through the public network. Policy-based routing and static routing are configured successfully, whereas, the domain NAT can’t take effect.