Client cannot open the web management interface through the firewall's inside IP address

Publication Date:  2012-09-12
Issue Description
From the trust zone, the client cannot open the web management interface when visiting 192.168.0.1, but can open it when visiting the firewall's public address on the public network.
Alarm Information
 None
Handling Process
1 Check the packet-filtering rules of the firewall; all of them are open by default.
2 Check the routes on the firewall; the host that initiates the access can be pinged from the firewall.
3 Run display firewall session table source inside X.X.X.X to check the sessions of the internal IP address that initiates the access. The sessions show that the internal network interface address 192.168.0.1 has gone through NAT translation.
4 Tracert 192.168.0.1; the trace shows that it goes directly to the public network.
5 Check the configuration; the client has configured a permit ip rule in acl 3334, which is referenced by the policy.
policy-based-route wangtong permit node 5
  if-match acl 3333
  apply ip-address next-hop 113.0.143.137
policy-based-route wangtong permit node 10
  if-match acl 3334
  apply ip-address next-hop 222.171.59.118
#

#
acl number 3334
description dianxin_wangduan
rule 9 permit ip destination 222.171.63.242 0
rule 10 permit ip destination 221.229.253.251 0
rule 20 permit ip destination 222.168.65.61 0
rule 30 permit ip destination 222.68.252.20 0
rule 100 permit ip
#
traffic classifier wangtong operator and
if-match acl 3333
#
traffic behavior wangtong
#
interface GigabitEthernet0/0/0          
mtu 1400
description inside
ip address 192.168.0.1 255.255.255.0
ip policy-based-route wangtong

6 Change the ACL as below:

acl number 3334
description dianxin_wangduan

rule 5 deny ip destination 192.168.0.1 0
rule 9 permit ip destination 222.171.63.242 0
rule 10 permit ip destination 221.229.253.251 0
rule 20 permit ip destination 222.168.65.61 0
rule 30 permit ip destination 222.68.252.20 0
rule 100 permit ip

Retry; the problem is solved.
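
The check behind steps 5 and 6, as an added example (not Huawei code and not part of the original case): it reads a config excerpt and reports any interface whose own address is permitted by the ACL of a policy-based-route node applied on it, which is how traffic to 192.168.0.1 was sent to the next hop. It assumes ACL rules are evaluated in rule-ID order and that a deny match leaves the packet to the next node or to normal forwarding; the function names are hypothetical, the parser reads only the stanza types shown, and node 5 is left out because the page does not list ACL 3333.

```python
import ipaddress
import re

FIELDS = {r"if-match acl (\d+)": "acl", r"apply ip-address next-hop (\S+)": "hop",
          r"ip address (\S+) \S+": "ip", r"ip policy-based-route (\S+)": "pbr"}

def to_int(ip):
    return int(ipaddress.IPv4Address("0.0.0.0" if ip == "0" else ip))  # wildcard "0" = host

def first_match(rules, dst):
    """(action, rule_id) of the lowest-numbered rule whose destination covers dst, or None."""
    for rid, action, addr, wild in sorted(rules):
        if (to_int(dst) ^ addr) & ~wild & 0xFFFFFFFF == 0:
            return action, rid

def self_redirects(cfg):
    """[(interface, own_ip, node, rule_id, next_hop)] where PBR steers the box's own IP."""
    acls, nodes, ifaces, cur = {}, {}, {}, None
    for line in map(str.strip, cfg.splitlines()):
        if m := re.match(r"acl number (\d+)", line):
            cur = acls.setdefault(m[1], [])
        elif m := re.match(r"rule (\d+) (permit|deny) ip(?: destination (\S+) (\S+))?$", line):
            # A rule without a destination clause matches any address.
            cur.append((int(m[1]), m[2], to_int(m[3] or "0"), to_int(m[4] or "255.255.255.255")))
        elif m := re.match(r"policy-based-route (\S+) permit node (\d+)", line):
            cur = {"node": int(m[2])}
            nodes.setdefault(m[1], []).append(cur)
        elif m := re.match(r"interface (\S+)", line):
            cur = ifaces.setdefault(m[1], {})
        for pat, key in FIELDS.items():
            if isinstance(cur, dict) and (m := re.match(pat, line)):
                cur[key] = m[1]
    hits = []
    for name, i in ifaces.items():
        for n in sorted(nodes.get(i.get("pbr"), []), key=lambda n: n["node"]):
            # A deny hit (or no hit) falls through to the next node.
            if (hit := first_match(acls.get(n.get("acl"), []), i["ip"])) and hit[0] == "permit":
                hits.append((name, i["ip"], n["node"], hit[1], n["hop"]))
                break
    return hits

# Constructed sample: node 10, part of ACL 3334 and the inside interface from the case above.
BEFORE = """policy-based-route wangtong permit node 10
 if-match acl 3334
 apply ip-address next-hop 222.171.59.118
acl number 3334
 rule 9 permit ip destination 222.171.63.242 0
 rule 100 permit ip
interface GigabitEthernet0/0/0
 ip address 192.168.0.1 255.255.255.0
 ip policy-based-route wangtong"""
AFTER = BEFORE.replace(" rule 9 ", " rule 5 deny ip destination 192.168.0.1 0\n rule 9 ", 1)
```

`self_redirects(BEFORE)` reports GigabitEthernet0/0/0 caught by rule 100 of node 10; `self_redirects(AFTER)` returns an empty list because rule 5 matches first.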
Root Cause
1. The rule between the local zone and the trust zone has a problem.
2. The Layer 3 switch of the internal network has a problem.
Suggestions
none
