Got it

[Troubleshootin Series] Case 1 Users from internet can’t get access to the server in lan side Highlighted

Latest reply: Dec 24, 2018 01:48:49 524 5 1 0 0

In the new series, we will introduce the different network failure cases and troubleshooting, hope these cases can help you sloving your problem.

Physical Network Topology


network topology


Fault Description

AR2 can visit server via https.AR1 and AR2 learn the route via BGP protocol.

AR2 Can not get access to the private server

Configuration Files

l  AR

#
 sysname Router                                                                              
#                                                                                
acl number 2000                                                                 
 rule 5 permit                                                                                              
#                                                                                
interface GigabitEthernet0/0/1
 ip address 10.1.1.2 255.255.255.0                                           
#                                                                               
interface GigabitEthernet0/0/2    
 ip address 192.168.1.2 255.255.255.0
 nat outbound 2000 
#
bgp 100
 route-id 192.168.1.2
 peer 192.168.1.1 as-number 65009
 #
 ipv4-family unicast
 peer 192.168.1.1 enable
#                                                               
return

Troubleshooting Location

  Troubleshooting Procedure

                              Step 1     Checking whether AR2 can ping AR1:

175029mbhaprzbphqrgaau.png

                                    Step 2     AR2 can’t ping AR1, we should check the routing-table. Check the route is correct or not. If not, we should modify it first. And make sure AR2 can ping AR1, pc can ping AR1.

                              Step 3     After Pc can ping AR1. Let’s try to visit the website on PC.

                              Step 4     If the pc can’t visit the website. We should check the nat configuration on AR1. In this scenario, we should configure a nat static/server on AR1.

----End

  Root Cause

First, there’s no route from AR1 to AR2, so AR2 can’t ping AR1.

If AR2 want to visit private server, AR1 should do a nat static/server to make the private server visible form AR2.

By the way, when configuring nat static/server, we should notice the difference between nat static and nat server.

[CASE]After configuring ipsec vpn on router,ping is normal but telnet is abnormal this case shows that if ignoring the difference between nat server and nat static what failure will cause.


  • x
  • convention:

littlestone
Created Nov 27, 2018 13:42:04

Border Gateway Protocol (BGP) is an autonomous routing protocol running on TCP. BGP is the only protocol that handles networks the size of the Internet and the only protocol that handles multiple connections between unrelated routing domains properly.
View more
  • x
  • convention:

faysalji
Moderator Author Created Nov 28, 2018 07:39:37

Good case...
View more
  • x
  • convention:

faysalji
Moderator Author Created Nov 28, 2018 07:39:59

Appreciate such series of cases.
View more
  • x
  • convention:

faysalji
Moderator Author Created Nov 28, 2018 07:40:15

Thanks.
View more
  • x
  • convention:

xiaomumu
Created Dec 24, 2018 01:48:49

This post was last edited by xiaomumu at 2018-12-27 02:32. What happens if you ignore the difference between NAT server and NAT static? Could you elaborate on that?
View more
  • x
  • convention:

Comment

You need to log in to comment to the post Login | Register
Comment

Notice: To protect the legitimate rights and interests of you, the community, and third parties, do not release content that may bring legal risks to all parties, including but are not limited to the following:
  • Politically sensitive content
  • Content concerning pornography, gambling, and drug abuse
  • Content that may disclose or infringe upon others ' commercial secrets, intellectual properties, including trade marks, copyrights, and patents, and personal privacy
Do not share your account and password with others. All operations performed using your account will be regarded as your own actions and all consequences arising therefrom will be borne by you. For details, see " User Agreement."

My Followers

Login and enjoy all the member benefits

Login

Block
Are you sure to block this user?
Users on your blacklist cannot comment on your post,cannot mention you, cannot send you private messages.
Reminder
Please bind your phone number to obtain invitation bonus.
Information Protection Guide
Thanks for using Huawei Enterprise Support Community! We will help you learn how we collect, use, store and share your personal information and the rights you have in accordance with Privacy Policy and User Agreement.