No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search


To have a better experience, please upgrade your IE browser.


When a Terminal Accesses a Remote Server Through a Proxy Server, the Translated IP Address of the Server Is Displayed

Publication Date:  2014-01-06 Views:  660 Downloads:  0
Issue Description
The Eudemon 1000E version is V200R001C00SPC600. Three security areas Localoss, SZ, and CAZ are defined on the firewall. The Localoss area is the terminal access area, the SZ zone is the server area, and the CAZ zone is the proxy server area. Each security area connects to the firewall through a Layer 2 switch. The firewall works on Layer 3.
NAT is enabled between the SZ and CAZ areas. The mapping is to, in which is the IP address of the proxy server. Packets can be forwarded from the SZ area to Localoss area, and from the SZ area to CAZ area. Packets are filtered from the Localoss area to the SZ area to prevent terminals from directly accessing the SZ area. Terminals must use the proxy server to access the SZ area.

When a PC in the Localoss area accesses a server in the SZ area through the proxy server in the CAZ area, the translated IP address of the remote server ( is displayed on Internet Explorer of the PC. The IP address of the proxy server ( is not displayed.
Alarm Information
Handling Process
Specify a security area for the public network IP address.
nat server SZ global inside
Root Cause
First, check whether a fault occurs on the NAT server.
Before the fault on the NAT server is rectified, the NAT server is configured as follows:
nat server global inside
In the preceding command, no security area is specified for the public network IP address. Therefore, each security area knows only the translated IP address of the remote server ( A reachable route from the PC to exists. After a PC logs in to the proxy server, the translated IP address of the remote server is displayed.
Specify a security area after enabling the NAT server function on the firewall.