I have configured a BYOD wireless SSID that is being forced to the internet via a port on our 2050. I am trying to get the network to be able to contact our mail server for Exchange on mobile devices and also to have access to our content server redirect page. Our internal IP address for the BYOD is in the 172.x.x.x range. I am NATing these IPs to a public 204.x.x.x address.
The two servers I need to have these devices access both have NATed public IP addresses and are located on our internal network. I have tried setting up policies that utilize the source zone as the BYOD zone I created and the source address is the IP range of the BYOD internal network. For the destination I have tried both the internal IP of the servers and the public NAT IP of the servers but cannot get communication between clients on the internal BYOD network and the two servers with the public NAT. I am having trouble determining the flow of things. Any suggestions?
It sounds like you need to configure U-Turn NAT. This does NAT on the firewall but changes some parameters so that it hits the internal server directly rather than sending the traffic out to the Internet first.
Check this document out to see if it describes the issue and solves the problem:
Hope this helps!
I have configured a one web server NAT (one-to-one, server in the same zone as the clients) and Security Policies.
This configuration enables functions of the web service, but prevents it from connecting to the internet (I mean, it disconnects the server). Is there a need for additional configuration in order to solve this problem?
Your second NAT rule (U-turn) has to be 2 separate rules:
1 for DMZ
1 for LAN
For DMZ you have to use both source and destination NAT.
For LAN you only need destination NAT.
Also, there should be a NAT rule below these for internet, with any destination address and with source NAT.
1- Clone the inforep2 rule
2- Make the rules' source zone DMZ for one, LAN for the second rule
3- The source DMZ rule will have both source and destination NAT, so do not touch it
4- The source LAN rule will have only destination NAT, so clear source NAT
5- Write a third rule, if there is not one, for internet access: source zone DMZ and LAN, destination address any, source NAT with WAN interface.
Is that clear?
Also try to monitor the logs for the server; look for source NAT and destination address in the logs to see if there is anything missing.
Filter the logs for the server and upload a picture so that we can also look.
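The rule layout described in the steps above can be checked with a small first-match model. This is an added example, not code or configuration from any poster in this thread; all addresses, subnets and rule names are constructed, and rule matching is simplified to source zone plus destination address.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# Constructed addressing (assumptions, not values from the thread).
PUBLIC_IP = "203.0.113.10"  # server's public NAT address
SERVER_IP = "10.1.1.10"     # server's real address, inside the DMZ
FW_DMZ_IP = "10.1.1.1"      # firewall's DMZ interface
FW_WAN_IP = "203.0.113.1"   # firewall's WAN interface
ZONES = {"DMZ": ip_network("10.1.1.0/24"), "LAN": ip_network("10.2.2.0/24")}

@dataclass
class Rule:
    name: str
    src_zones: tuple
    dst: Optional[str]   # None means "any destination"
    snat: Optional[str]  # translated source, None leaves it unchanged
    dnat: Optional[str]  # translated destination, None leaves it unchanged

def zone_of(ip):
    for zone, net in ZONES.items():
        if ip_address(ip) in net:
            return zone
    return "WAN"

def translate(rules, src, dst):
    """Top-down, first-match NAT lookup. Returns (rule name, src, dst) after NAT."""
    for r in rules:
        if zone_of(src) in r.src_zones and r.dst in (None, dst):
            return r.name, r.snat or src, r.dnat or dst
    return None, src, dst

def reply_returns_via_firewall(seen_src):
    """A server answers same-subnet sources on-link, bypassing the firewall,
    so the destination NAT is never reversed and the client drops the reply."""
    return zone_of(seen_src) != zone_of(SERVER_IP) or seen_src == FW_DMZ_IP

# Order matters: both U-turn rules sit above the catch-all internet rule.
RULES = [
    Rule("uturn-dmz", ("DMZ",), PUBLIC_IP, FW_DMZ_IP, SERVER_IP),  # SNAT + DNAT
    Rule("uturn-lan", ("LAN",), PUBLIC_IP, None, SERVER_IP),       # DNAT only
    Rule("internet", ("DMZ", "LAN"), None, FW_WAN_IP, None),       # SNAT only
]

if __name__ == "__main__":
    for src, dst in [("10.1.1.50", PUBLIC_IP), ("10.2.2.50", PUBLIC_IP),
                     (SERVER_IP, "198.51.100.7")]:
        name, s, d = translate(RULES, src, dst)
        print(f"{src} -> {dst}: rule={name} src={s} dst={d} "
              f"reply_via_fw={reply_returns_via_firewall(s)}")
```

Removing the source NAT from the DMZ rule, or dropping the third rule, shows the two failure modes discussed here: the same-zone reply bypasses the firewall, and the server's outbound traffic leaves untranslated.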
There is also a LAN rule to access the internet. This rule has in NAT Pol
The problem is ...
Server is not working internet. (DMZ to internet www.*)
But the web service is working. (WAN from DMZ)