An internal user cannot access the internal server through the public address

If an intranet user cannot use a public address to access an intranet server, troubleshoot as follows:
1. Check whether services on the intranet NAT server are running properly.
2. Check whether the NAT server is configured correctly.
3. Check the connection between the external host and NAT server and the configurations of the connected interfaces.
4. Check that the intranet NAT server is configured with the correct gateway address or route.

Other related questions:
Configure NAT on the AR router to allow internal hosts to access internal servers using an external IP address
All models of Huawei AR routers in V200R003C01 and later versions allow internal and external users to access internal servers by configuring static NAT.

GE1/0/0 on the router connects to the internal network and its IP address is 192.168.1.1/24. GE2/0/0 on the router connects to the external network and its IP address is 11.11.11.1/8. The internal server has an internal IP address 192.168.1.2/24 and an external IP address 11.11.11.6. The internal host at 192.168.1.3/24 wants to access the internal server.

The configuration details on the AR router are as follows:

1. Assign IP addresses to interfaces on the router.

    [Huawei] interface GigabitEthernet1/0/0
    [Huawei-GigabitEthernet1/0/0] ip address 192.168.1.1 24
    [Huawei-GigabitEthernet1/0/0] quit
    [Huawei] interface GigabitEthernet2/0/0
    [Huawei-GigabitEthernet2/0/0] ip address 11.11.11.1 8
    [Huawei-GigabitEthernet2/0/0] quit

2. Configure a default route to ensure interconnection between internal users and the external network.

    [Huawei] ip route-static 0.0.0.0 0.0.0.0 11.11.11.2

3. Configure internal users to access internal servers. The internal host uses 11.11.11.6 to access servers. NAT is implemented on GE1/0/0, and one-to-one NAT for the internal network service is applied there only when service requests are initiated from the internal network.

    [Huawei] acl number 2000
    [Huawei-acl-basic-2000] rule 5 permit ip source 192.168.1.0 0.0.0.255 destination 11.11.11.6 0
    [Huawei-acl-basic-2000] quit
    [Huawei] interface GigabitEthernet1/0/0
    [Huawei-GigabitEthernet1/0/0] nat static global 11.11.11.6 inside 192.168.1.2 netmask 255.255.255.255
    [Huawei-GigabitEthernet1/0/0] nat outbound 2000
    [Huawei-GigabitEthernet1/0/0] quit

4. Configure external users to access internal servers, so that external users use 11.11.11.6 to access internal servers.

    [Huawei] interface GigabitEthernet2/0/0
    [Huawei-GigabitEthernet2/0/0] nat static global 11.11.11.6 inside 192.168.1.2 netmask 255.255.255.255
    [Huawei-GigabitEthernet2/0/0] quit
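Why the inside interface needs nat outbound 2000 in addition to nat static can be seen by tracing one request and its reply. The following Python model is an added example, not Huawei code; it uses the addresses from the configuration above and assumes that nat outbound 2000 without an address group translates the source to the GE1/0/0 address (Easy IP) and that the host matches replies against the address it contacted.

```python
import ipaddress

# Addresses taken from the configuration above.
LAN = ipaddress.ip_network("192.168.1.0/24")
ROUTER_LAN = "192.168.1.1"      # GE1/0/0
SERVER_INSIDE = "192.168.1.2"
SERVER_GLOBAL = "11.11.11.6"
HOST = "192.168.1.3"


def hairpin(src, dst, nat_outbound_on_lan):
    """Trace one request and its reply; return (host_accepts_reply, trace)."""
    if dst != SERVER_GLOBAL:
        raise ValueError("model only covers traffic to the server's global address")
    trace = [("host->router", src, dst)]
    # ACL 2000 is matched against the original packet:
    # source 192.168.1.0/24, destination 11.11.11.6.
    acl_hit = ipaddress.ip_address(src) in LAN and dst == SERVER_GLOBAL
    # nat static on GE1/0/0 rewrites the destination to the inside address.
    fwd_src, fwd_dst = src, SERVER_INSIDE
    # nat outbound 2000 on GE1/0/0 (assumed Easy IP) rewrites the source
    # to the interface address, so the server sees the router as the client.
    if nat_outbound_on_lan and acl_hit:
        fwd_src = ROUTER_LAN
    trace.append(("router->server", fwd_src, fwd_dst))
    # The server answers whatever source address it saw.
    if fwd_src == ROUTER_LAN:
        trace.append(("server->router", SERVER_INSIDE, ROUTER_LAN))
        # The router reverses both translations from its session entry.
        reply = ("router->host", SERVER_GLOBAL, src)
    else:
        # Same subnet: the reply is delivered directly and never crosses
        # the router, so its source stays untranslated.
        reply = ("server->host", SERVER_INSIDE, src)
    trace.append(reply)
    # The host matches replies against the address it actually contacted.
    accepted = reply[1] == dst and reply[2] == src
    return accepted, trace


if __name__ == "__main__":
    for enabled in (False, True):
        ok, steps = hairpin(HOST, SERVER_GLOBAL, enabled)
        print(f"nat outbound 2000 on GE1/0/0: {enabled} -> reply accepted: {ok}")
        for hop, s, d in steps:
            print(f"  {hop:15} src={s:12} dst={d}")
```

Without the source translation the reply arrives from 192.168.1.2 instead of 11.11.11.6, which is the symptom described in the title of this page.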

Intranet users cannot access the internal server using a domain name, but they can access the internal server using an IP address
Q: Intranet users cannot access the internal server using a domain name, but they can access the internal server using an IP address.

A: Ping the domain name and check whether it resolves to the public IP address. If the IP address is not resolved correctly, check whether the account password and DNS information are correct. Configure DDNS software on the PC to check whether the IP address can be resolved. If no error is found in the preceding operations, contact the carrier to check the DDNS server. Check whether the DDNS server synchronizes the updated domain name to the DNS server.

The causes are as follows: This problem occurs in the scenario where terminals use PPPoE dial-up. If users can access the internal server using IP addresses, the router is running normally. DNS resolution is the first step in accessing a domain name. Because the PPPoE interface dynamically obtains an IP address from a carrier, the DDNS server must send the updated mapping between the domain name and IP address to the DNS server in real time.

Why can't users on an internal network access internal servers using domain names?
When a user device accesses the internal server using a domain name, the DNS Request packet it sends may or may not contain the host name. Therefore, you have to configure different DNS domain names in the following two situations. The domain name www.hbjs.gov.cn is used as an example.
  • When the DNS Request packet sent by the user device contains the host name, that is, the user device uses the domain name www.hbjs.gov.cn to access the internal server, run the nat dns-map www.hbjs.gov.cn global-address global-port { tcp | udp } command.
  • When the DNS Request packet sent by the user device does not contain the host name, that is, the user device uses the domain name hbjs.gov.cn to access the internal server, run the nat dns-map hbjs.gov.cn global-address global-port { tcp | udp } command.
NOTE: If you are not sure whether the DNS Request packet sent by the device contains the host name or not, it is recommended that you configure both the preceding commands.

