A local server (server1) published through a NAT server rule can be reached by a remote user (PC2) on the public IP X.X.1.5, but it cannot be reached by an internal host (PC1) using that same public address X.X.1.5.
Symptom: no reply to the ping from PC1 to X.X.1.5.
B) When the internal user reaches the server through the public IP, the firewall only translates the destination (NAT server), so the packet that arrives at the server still carries PC1's internal address as source. The server answers that internal address directly: the echo reply goes from AR2 straight to PC1 without passing through the firewall, so it is never translated back, and PC1 receives a reply whose source (the server's private address) does not match the address it pinged (X.X.1.5) and discards it. For this reason PC1 cannot communicate with the internal server using the public IP X.X.1.5.
C) With a NAT address pool and a source NAT policy applied to the internal user, the packet the server receives carries an address from the pool as source. The server's reply is therefore routed to the firewall, which reverses both translations and delivers to PC1 a reply sourced from X.X.1.5, which PC1 accepts. PC1 can then communicate with the internal server using the public IP X.X.1.5.
Create a source NAT from the internal user subnet to the internal server (USG nat-policy view; the rule belongs under nat-policy):
nat address-group nat_internal 0
 mode no-pat local
 section 0 X.X.1.25 X.X.1.30
nat-policy
 rule name NAT_from_internal
  source-address 192.168.3.0 24
  destination-address 192.168.2.0 24
  action nat address-group nat_internal
Note that destination-address is the server's private subnet (192.168.2.0/24), not X.X.1.5: the NAT server mapping translates the destination before the source NAT policy is evaluated. Also, no-pat translates addresses one to one, so the six addresses in section 0 can serve at most six internal hosts at the same time; use a PAT address group if more are needed.
Remember to make sure AR2 has a route towards the firewall for the public prefix, otherwise the server's reply to the pool address never reaches the firewall:
[AR2] ip route-static X.X.1.0 255.255.255.0 192.168.0.2
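To check the reasoning in B) and C), here is a small Python model, added here and not part of the original note or of any Huawei code, of a stateful firewall that applies the NAT server mapping, optionally a no-pat source NAT pool, and of the host-side check that makes PC1 discard the mis-sourced reply. The addresses are assumed stand-ins: 203.0.113.0/24 plays X.X.1.0/24, 192.168.2.10 is the server's private address, 192.168.3.10 is PC1 and 198.51.100.7 is PC2.

```python
"""Model of the hairpin-NAT problem: firewall with NAT server (destination NAT),
optional no-pat source NAT for the internal subnet, and an ICMP client that
accepts an echo reply only if its source is the address it pinged.
Added example; every address below is an assumed stand-in, not from the note."""
import ipaddress

PUBLIC_VIP = "203.0.113.5"                               # stands in for X.X.1.5
SERVER_PRIVATE = "192.168.2.10"                          # assumed address of server1
SNAT_POOL = [f"203.0.113.{i}" for i in range(25, 31)]    # X.X.1.25 - X.X.1.30
PC1, PC2 = "192.168.3.10", "198.51.100.7"                # assumed hosts
INTERNAL = ipaddress.ip_network("192.168.0.0/16")        # reached via AR2, bypassing the firewall

# The policy from the note: match the internal user subnet and the server's
# private subnet (destination is matched after the NAT server translation).
INTERNAL_SNAT_POLICY = (ipaddress.ip_network("192.168.3.0/24"),
                        ipaddress.ip_network("192.168.2.0/24"),
                        SNAT_POOL)


def is_internal(addr):
    return ipaddress.ip_address(addr) in INTERNAL


class Firewall:
    def __init__(self, source_nat=None):
        self.nat_server = {PUBLIC_VIP: SERVER_PRIVATE}   # public -> private mapping
        self.source_nat = source_nat                      # (src net, dst net, pool) or None
        self.bindings = {}     # internal src -> pool address (no-pat: one to one)
        self.sessions = {}     # (server-side src, server-side dst) -> (orig src, orig dst)

    def _pool_address(self, src, pool):
        if src not in self.bindings:
            free = [a for a in pool if a not in self.bindings.values()]
            if not free:
                raise RuntimeError("no-pat pool exhausted")
            self.bindings[src] = free[0]
        return self.bindings[src]

    def outbound(self, src, dst):
        """Client -> server: NAT server first, then the source NAT policy. Returns
        the (src, dst) pair the server actually sees and records the session."""
        orig = (src, dst)
        dst = self.nat_server.get(dst, dst)
        if self.source_nat:
            src_net, dst_net, pool = self.source_nat
            if ipaddress.ip_address(src) in src_net and ipaddress.ip_address(dst) in dst_net:
                src = self._pool_address(src, pool)
        self.sessions[(dst, src)] = orig
        return src, dst

    def inbound(self, src, dst):
        """Server -> client: reverse both translations if a session matches,
        otherwise the stateful firewall drops the packet (None)."""
        orig = self.sessions.get((src, dst))
        if orig is None:
            return None
        orig_src, orig_dst = orig
        return orig_dst, orig_src


def ping(client, target, fw):
    """True if `client` receives an echo reply it accepts when pinging `target`."""
    s_src, s_dst = fw.outbound(client, target)   # what the server sees
    reply = (s_dst, s_src)                        # server answers the source it saw
    if is_internal(reply[1]):
        delivered = reply                          # AR2 hands it straight to the host
    else:
        delivered = fw.inbound(*reply)             # AR2's route for X.X.1.0/24 sends it to the firewall
    # A host only matches an echo reply whose source is the address it pinged.
    return delivered is not None and delivered == (target, client)


def scenarios():
    """The three cases from the note: PC2 works, PC1 fails, PC1 works with source NAT."""
    return {
        "PC2 via public IP": ping(PC2, PUBLIC_VIP, Firewall()),
        "PC1 via public IP, no source NAT": ping(PC1, PUBLIC_VIP, Firewall()),
        "PC1 via public IP, with source NAT": ping(PC1, PUBLIC_VIP, Firewall(INTERNAL_SNAT_POLICY)),
    }


if __name__ == "__main__":
    for name, ok in scenarios().items():
        print(f"{name}: {'reply accepted' if ok else 'no usable reply'}")
```

Running it prints the remote user succeeding, the internal user failing without the policy (the reply arrives with source 192.168.2.10 instead of the pinged 203.0.113.5), and succeeding with it. Because the pool is no-pat, a seventh concurrent internal host raises the "pool exhausted" error in the model, which is the capacity limit to keep in mind when choosing the section range.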