Got it

[Troubleshooting Series] Case 47 Users from internet can’t get access to the server in lan side

651 0 0 0 0


Physical Network Topology

170147axs8z0w2r2sk8p32.png

 

Fault Description

AR2 can visit server via https.AR1 and AR2 learn the route via BGP protocol.

AR2 Can not get access to the private server

Configuration Files

l   AR

#
 sysname Router                                                                              
#                                                                                
acl number 2000                                                                 
 rule 5 permit                                                                                              
#                                                                                
interface GigabitEthernet0/0/1
 ip address 10.1.1.2 255.255.255.0                                           
#                                                                               
interface GigabitEthernet0/0/2    
 ip address 192.168.1.2 255.255.255.0
 nat outbound 2000 
#
bgp 100
 route-id 192.168.1.2
 peer 192.168.1.1 as-number 65009
 #
 ipv4-family unicast
 peer 192.168.1.1 enable
#                                                               
return

Troubleshooting Procedure

                               Step 1      Checking whether AR2 can ping AR1:

170148b4cv8sp7vmywgcq8.png

                               Step 2      AR2 can’t ping AR1, we should check the routing-table. Check the route is correct or not. If not, we should modify it first. And make sure AR2 can ping AR1, pc can ping AR1.

                               Step 3      After Pc can ping AR1. Let’s try to visit the website on PC.

                               Step 4      If the pc can’t visit the website. We should check the nat configuration on AR1. In this scenario, we should configure a nat static/server on AR1.

----End

Root Cause

First, there’s no route from AR1 to AR2, so AR2 can’t ping AR1.

If AR2 want to visit private server, AR1 should do a nat static/server to make the private server visible form AR2.


  • x
  • convention:

Comment

You need to log in to comment to the post Login | Register
Comment

Notice: To protect the legitimate rights and interests of you, the community, and third parties, do not release content that may bring legal risks to all parties, including but are not limited to the following:
  • Politically sensitive content
  • Content concerning pornography, gambling, and drug abuse
  • Content that may disclose or infringe upon others ' commercial secrets, intellectual properties, including trade marks, copyrights, and patents, and personal privacy
Do not share your account and password with others. All operations performed using your account will be regarded as your own actions and all consequences arising therefrom will be borne by you. For details, see " User Agreement."

My Followers

Login and enjoy all the member benefits

Login

Block
Are you sure to block this user?
Users on your blacklist cannot comment on your post,cannot mention you, cannot send you private messages.
Reminder
Please bind your phone number to obtain invitation bonus.
Information Protection Guide
Thanks for using Huawei Enterprise Support Community! We will help you learn how we collect, use, store and share your personal information and the rights you have in accordance with Privacy Policy and User Agreement.