A user fails to access a server through a public address when the user on the AR and the server are in the same VLAN and the NAT server is configured on the VLANIF interface

11

A private user device and server connect to the same VLANIF interface on the same subcard. When the NAT server is configured on the VLANIF interface to map the public network address of the server, the response packets sent by the server to the private user device cannot be sent to the CPU for translation. As a result, the private user device cannot connect to the server. To solve this problem, configure outbound NAT on the VLANIF interface. The response packets sent by the server to the user device pass the AR and the address in the packets is translated. Then the AR forwards the packets to the private user device. The private user device can connect to the server.

Other related questions:
Private network user and server are in the same VLAN. After NAT server is configured on the VLANIF interface, why cannot the user access the server using public address
The private network user and server are connected to the same VLANIF interface and the same subcard. After the nat server command is executed in the VLANIF interface view to map the server IP address to a public network address, the response packet sent by the server to the user cannot be sent to the CPU, so the packet address cannot be translated. As a result, the user cannot connect to the server. To solve this problem, run the nat outbound command on the VLANIF interface so that the server's response packet can be sent to the router and the packet address can be translated. The router then forwards the packet to the user. The user can connect to the server.

An internal user cannot access the internal server through the public address
An intranet user cannot use a public address to access an intranet server. Use the following method: 1. Check whether services on the intranet NAT server are running properly. 2. Check whether the NAT server is configured correctly. 3. Check the connection between the external host and NAT server and the configurations of the connected interfaces. 4. Check that the intranet NAT server is configured with the correct gateway address or route.

Users fail to access the server through the IPSec tunnel on the AR
Users fail to access the server through the IPSec tunnel. For details, see Users Fail to Access the Server Through the IPSec Tunnel Because the TCP MSS Value on the AR Is Incorrect.

Enabling intranet users to access the internal server on the same subnet of the same security zone through a public IP address
Enabling intranet users to access the internal server on the same subnet of the same security zone through a public IP address Configure a source NAT policy with the source and destination security zones being the security zone where the users and intranet servers reside to translate source IP addresses of intranet users into a public address. Then configure NAT Server to translate the destination addresses of packets destined for the public address of the servers into private addresses.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top