In the new series, we will introduce the different network failure cases and troubleshooting, hope these cases can help you sloving your problem.
Physical Network Topology
Fault Description
AR2 can visit server via https.AR1 and AR2 learn the route via BGP protocol.
AR2 Can not get access to the private server
Configuration Files
l AR
#
sysname
Router
#
acl number
2000
rule 5
permit
#
interface GigabitEthernet0/0/1
ip address 10.1.1.2
255.255.255.0
#
interface GigabitEthernet0/0/2
ip address 192.168.1.2 255.255.255.0
nat outbound 2000
#
bgp 100
route-id 192.168.1.2
peer 192.168.1.1 as-number 65009
#
ipv4-family unicast
peer 192.168.1.1 enable
#
return
Troubleshooting Location
Troubleshooting Procedure
Step 1 Checking whether AR2 can ping AR1:
Step 2 AR2 can’t ping AR1, we should check the routing-table. Check the route is correct or not. If not, we should modify it first. And make sure AR2 can ping AR1, pc can ping AR1.
Step 3 After Pc can ping AR1. Let’s try to visit the website on PC.
Step 4 If the pc can’t visit the website. We should check the nat configuration on AR1. In this scenario, we should configure a nat static/server on AR1.
----End
Root Cause
First, there’s no route from AR1 to AR2, so AR2 can’t ping AR1.
If AR2 want to visit private server, AR1 should do a nat static/server to make the private server visible form AR2.
By the way, when configuring nat static/server, we should notice the difference between nat static and nat server.
[CASE]After configuring ipsec vpn on router,ping is normal but telnet is abnormal this case shows that if ignoring the difference between nat server and nat static what failure will cause.