Intranet access fails after redirection to a next hop is configured on an AR router


Intranet access does not need redirection. Supposed that the intranet is composed of two network segments 1.0 and 2.0, and traffic transmitted over 1.0 is redirected to A Telecom Carrier and traffic transmitted over 2.0 is redirected to B Telecom Carrier, mutual access between 1.0 and 2.0 fails. How to solve this problem?
acl number 3000
rule 5 permit ip source destination
acl number 3001
rule 5 permit ip source
acl number 3002
rule 5 permit ip source
traffic classifier no-redircet operator or
if-match acl 3000
traffic classifier redirect-dx operator or
if-match acl 3001
traffic classifier redirect-lt operator or
if-match acl 3002
traffic behavior no-redirect
traffic behavior redirect-dx
redirect ip-nexthop
traffic behavior redirect-lt
redirect ip-nexthop
traffic policy celvluyou
classifier no-redircet behavior no-redirect
classifier redirect-dx behavior redirect-dx
classifier redirect-lt behavior redirect-lt
interface GigabitEthernet0/0/1
traffic-policy celvluyou inbound

Other related questions:
Does an AR router support redirection to a next hop
The ARs support redirection to a next hop.

Configure next-hop backup through policy-based routing on an AR router
If multiple carriers are available on a network, configure next-hop backup to keep network connectivity for intranet users and improve network robustness. Run the redirect backup-nexthop ip-address command in the traffic behavior. For details about the configuration of specific policy-based routing, see the URL: Example for Configuring Interface PBR. Configuring Interface PBR.

Configure redirection on an AR
For details about how to configure redirection on an AR, see Configuring Interface PBR. Example for Configuring Interface PBR.

How to configure redirection through the web platform on the AR
AR series routers do not support the configuration of redirection through the web platform.

Command used on the USG6000 to detect the accessibility of the next hop
The commands used on the USG6000 to detect the accessibility of the next hop are as follows: 1. IP-Link definition IP-Link indicates the link accessibility check. The NGFW periodically sends ICMP echo requests or ARP requests to the specified destination IP address and waits for responses. If no response is received with the specified period of time (3s by default), the firewall considers that the current link is faulty and performs subsequent link-related operations. If the firewall receives three consecutive responses over the original link within the subsequently-specified period of time, the firewall considers that the link fault is eliminated and performs subsequent link recovery-related operations. a. Purposes IP-Link is mainly used to automatically detect whether a service link is normal. It can be used to detect the status of a link that is not directly connected to the NGFW to ensure service continuity. b. Command format [NGFW] ip-link check enable [NGFW] ip-link 1 destination mode icmp [NGFW] ip-link 2 destination mode icmp [NGFW] ip route-static track ip-link 1 [NGFW] ip route-static preference 70 track ip-link 2 For details about IP-Link, click link url="">USG6000 Series Cases for Interworking Between IP-Link and the Hot Standby Devices. 2. Bidirectional forwarding detection (BFD) definition The BFD is used to fast detect communication faults between systems and report the faults to the upper layer protocol in a timely manner. a. Purposes To minimize impacts caused by device faults on services and improve network availability, network devices need to detect faults in communication with adjacent devices in a timely manner to avoid service interruption. The BFD has the following functions: (1) Provide a light-load and fast fault detection mechanism for links between adjacent forwarding engines. The faults include interface faults, data link faults, or even forwarding engine faults. (2) Provide a single mechanism used to detect any media or protocol layer in real time, with wide detection time and overhead ranges. b. Command format (1) The commands used to configure the BFD session are as follows: [NGFW_A] bfd [NGFW_A-bfd] quit [NGFW_A] bfd ab bind peer-ip [NGFW_A-bfd-session-ab] discriminator local 10 [NGFW_A-bfd-session-ab] discriminator remote 20 [NGFW_A-bfd-session-ab] commit (2) The command used to configure the interworking between the static route and BFD session is as follows: [NGFW_A] ip route-static track bfd-session ab

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top