Intranet Users Cannot Access the Internal Server Using the Server's Public IP Address – NAT Solution

Publication Date: 2018-02-07
Issue Description

A local Internet server (server1) published by a NAT server rule can be accessed by a remote user (PC2) on the public IP X.X.1.5, but cannot be accessed from the internal network (PC1) using the public address X.X.1.5.


Handling Process

There is no reply to the ping from PC1 to X.X.1.5.

Root Cause

B) When the internal user accesses the server using the public IP, the packet received by the server still carries an internal network address as its source. The ping reply therefore comes back with the internal network address as its destination, and PC1 does not recognize the reply packet. The reply does not pass through the firewall; it goes directly from AR2 to PC1. For these reasons, PC1 cannot communicate with the internal server using the public IP X.X.1.5.

C) With a NAT pool created and a source NAT policy applied to the internal user, the server sees an external IP address as the source of the request and replies to that address, so the reply is sent to the firewall. The firewall sends the reply back to the internal user, which receives a correct reply. PC1 can then communicate with the internal server using the public IP X.X.1.5.
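The two cases above can be traced with a small model of the packet path. This is an added example, not Huawei configuration or code from the original case; the addresses are constructed stand-ins (203.0.113.5 for X.X.1.5, 203.0.113.25 for a pool address, and assumed private addresses for PC1 and server1), and the class and function names are hypothetical.

```python
"""Toy model of the hairpin path PC1 -> AR2 -> firewall -> AR2 -> server1.
All addresses are constructed stand-ins, not values from the original case."""
from dataclasses import dataclass

PC1, SERVER = "192.168.10.10", "192.168.20.5"           # assumed private addresses
PUBLIC_VIP, POOL_ADDR = "203.0.113.5", "203.0.113.25"   # stand-ins for X.X.1.5 / X.X.1.25

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str

class Firewall:
    def __init__(self, source_nat: bool):
        self.source_nat = source_nat
        self.sessions = {}  # (translated src, translated dst) -> original (src, dst)

    def forward(self, pkt: Packet) -> Packet:
        """Request: the NAT server rule rewrites dst; source NAT (if on) rewrites src."""
        out = Packet(POOL_ADDR if self.source_nat else pkt.src, SERVER)
        self.sessions[(out.src, out.dst)] = (pkt.src, pkt.dst)
        return out

    def reverse(self, pkt: Packet) -> Packet:
        """Reply: restore both addresses from the matching session entry."""
        orig_src, orig_dst = self.sessions[(pkt.dst, pkt.src)]
        return Packet(orig_dst, orig_src)

def ar2_next_hop(dst: str) -> str:
    """AR2 routing: internal hosts are reached directly, the public range via the firewall."""
    return "firewall" if dst.startswith("203.0.113.") else "direct"

def ping_via_public_ip(source_nat: bool) -> dict:
    fw = Firewall(source_nat)
    request = Packet(PC1, PUBLIC_VIP)
    at_server = fw.forward(request)
    reply = Packet(at_server.dst, at_server.src)  # server answers the source it saw
    hop = ar2_next_hop(reply.dst)
    if hop == "firewall":
        reply = fw.reverse(reply)
    # PC1 only matches a reply whose source is the address it pinged.
    accepted = (reply.src, reply.dst) == (request.dst, request.src)
    return {"reply_path": hop, "reply_src": reply.src, "accepted": accepted}

if __name__ == "__main__":
    print("without source NAT:", ping_via_public_ip(False))
    print("with source NAT:   ", ping_via_public_ip(True))
```

The model also shows why the static route on AR2 matters: the reply reaches the firewall only because AR2 sends the pool range there.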



Create a source NAT policy from the internal user to the internal server:

nat address-group nat_internal 0
 mode no-pat local
 section 0 X.X.1.25 X.X.1.30

 rule name NAT_from_internal
  source-zone trust
  destination-zone trust
  source-address 24
  destination-address 24
  action nat address-group nat_internal


Make sure that there is a route to the firewall for reply packets sent to the public IP:

[AR2] ip route-static X.X.1.0