No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search


To have a better experience, please upgrade your IE browser.


NAT server is not reachable using the port 80 from Internet

Publication Date:  2017-10-14 Views:  493 Downloads:  0
Issue Description

Provide fault symptom: Nat server configured using the port 80,  but is not reachable from Internet, this configuration was set on web.

Version information: V500R001C30SPC100

Network topology: 


     TestPC(access http-server from Internet ) -----> (Untrust, G1/0/0, USG (DMZ, G1/0/4, -----> ( Http Server

Nat server script information:


nat server eCommerceDemo 5 protocol tcp global www inside www no-reverse

nat server eCommerceDemoSSL 6 protocol tcp global 443 inside 443 no-reverse

nat server LyricVoipServerMapping 0 protocol tcp global 8091 inside www no-reverse


Alarm Information

when access the http server, redirect to the USG webpage.

Handling Process

1.- Validate the session table if the traffic is going from untrust zone to trust zone.

display firewall session table verbose destination inside (IP address)

2.- Vaidate if the server was configured correct with the next command:

display nat server

   - In the server configuration could be displayed the IP of the server and the public IP, with the port 80


If you want to reach the server from internet using the port http (80), you could do the next changes on the configuration, in this case is very important to add the zone.

1.- Current onfiguration:

nat server Serverweb 0 protocol tcp global "public IP" www inside "internal IP" www no-reverse

2.- Need to add the zone untrust in the nat server configuration

nat server Serverweb 0 zone untrust protocol tcp globaln ''public IP'' www inside ''internal IP' www no-reverse