No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade
Knowledge Base

The USG6550 intranet user cannot access the intranet server through the public network address

Publication Date:  2019-11-29  |   Views:  151  |   Downloads:  0  |   Author:  hWX752025  |   Document ID:  EKB1100040957

Contents

Issue Description

The USG6550 intranet user cannot access the intranet server through the public network address


Handling Process

1. Check whether the intranet server can be accessed normally through the external network device. After checking, it is found to be normal.

 

1.      Check whether intra-domain NAT is configured. After checking, it is found to be normal, which is as follows:

rule name NAT Reflux
  source-zone trust
  destination-zone trust
  source-address address-set
Intranet users
  action nat address-group addressgroup1

2.      Check the configuration of the NAT server, which is as follows:

nat server AAA zone untrust protocol tcp global 183.233.255.XX 8090 inside 192.168.15.XXX 8090 no-reverse

It is found that the configuration security zone is configured with NAT server. It is normal after deleting the security zone.


Root Cause

The security zone added when the NAT server is configured is untrust. As a result, the external network access is normal while the intranet access fails.


Solution

1.      When configuring the NAT server, delete the security zone and do not configure the security zone, which is as follows:

nat server AAA protocol tcp global 183.233.255.XX 8090 inside 192.168.15.XXX 8090 no-reverse

2.      Add the security zone of the intranet when configuring the NAT server.

 

nat server AAA zone untrust  protocol tcp global 183.233.255.XX 8090 inside 192.168.15.XXX 8090 no-reverse

nat server BBB zone trust  protocol tcp global 183.233.255.XX 8090 inside 192.168.15.XXX 8090 no-reverse


Suggestions

You need to configure the NAT in the domain when you configure bidirectional NAT. You need to pay attention to the configuration of the IPSec policy when configuring the NAT server.