No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>


To have a better experience, please upgrade your IE browser.


Because of NAT configuration error can't access the internet

Publication Date:  2012-10-18 Views:  89 Downloads:  0
Issue Description

Equipment type: USG5560 V200R001
User dual line access, the default out external network through telecommunication lines, netcom line standby; Internal two segments, including a computer ( default out external network through netcom, after configured policy-based routing found access the networkabnormally, after cancel the policy-based routing it is normal.

Alarm Information
Handling Process
Add “no-reverse” behind the “NAT server” command can solve it, as follows:
nat server protocol tcp global 3389 inside 3389 no-reverse
After add “no – reverse” parameters, the first bag out does not match “server-map”, first matching policy-based routing and then rematch source NAT strategy conversion netcom address pool next jump go netcom line out network.
Root Cause
1. Check policy-based routing configuration - - - - - normal
2. Check the packet filtering strategy - - - - - - - - normal
3. Check the firewall session, found that the session out the external network converted the external network from netcom line, and the IP is telecom's public IP, appears back and come data take different ISP, cause the Internet is unnormal. See configuration found a “NAT server” configuration is as follows:
nat server protocol tcp global 3389 inside 3389
When configured this order, first bag out external network will through “server-map” prior in source NAT strategy.
The cause of the problem is not difficult, but the user configured a lot of function, the checking will take a long time, when many functions use together we should have clear processing way: confirm data flow - session – the modules will affect the data function - each function module configuration.