No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Because of NAT configuration error can't access the internet

Publication Date:  2019-07-17 Views:  189 Downloads:  0

Issue Description


Equipment type: USG5560 V200R001
User dual line access, the default out external network through A lines, B line standby; Internal two segments, including a computer (192.168.2.10) default out external network through B, after configured policy-based routing found access the networkabnormally, after cancel the policy-based routing it is normal.




Alarm Information

None.

Handling Process

Add “no-reverse” behind the “NAT server” command can solve it, as follows:
nat server protocol tcp global X.X.1.1 3389 inside 192.168.2.10 3389 no-reverse
After add “no – reverse” parameters, the first bag out does not match “server-map”, first matching policy-based routing and then rematch source NAT strategy conversion netcom address pool X.X.2.2 next jump go B line out network.

Root Cause

1. Check policy-based routing configuration - - - - - normal
2. Check the packet filtering strategy - - - - - - - - normal
3. Check the firewall session, found that the 192.168.2.10 session out the external network converted the external network from B line X.X.1.1, and the IP is A's public IP, appears back and come data take different ISP, cause the Internet is unnormal. See configuration found a “NAT server” configuration is as follows:
nat server protocol tcp global X.X.1.1 3389 inside 192.168.2.10 3389
When configured this order, 192.168.2.10 first bag out external network will through “server-map” prior in source NAT strategy.

Suggestions

The cause of the problem is not difficult, but the user configured a lot of function, the checking will take a long time, when many functions use together we should have clear processing way: confirm data flow - session – the modules will affect the data function - each function module configuration.

END