User double exports, one to the public network, the leased line connects company headquarters. Network topology is as follows:
----10.72.18.1-------10.72.18.2(untrust1) Company headquarters
User’s internal network-----------(trust)USG
The internal network users sometimes can't access the Internet, can’t open the web page.
1 Through the display NAT - policy interzone trust untrust outbound check trust and untrust of NAT strategy, did not find out the problem;
2 Through the display policy interzone trust untrust outbound check interzone strategy, the default of which is full release:
policy interzone trust untrust outbound
firewall default packet-filter is permit
3 Through the display IP routing - table view routing, found two equivalent default routes;
Destination/Mask Proto Pre Cost Flags NextHop Interface
0.0.0.0/0 Static 60 0 RD 10.72.18.2 GigabitEthernet0/0/1
Static 60 0 RD 18.104.22.168 GigabitEthernet5/0/0
4 Guide the user to change routing setting, modify the routing to the headquarters of the company network, delete the default routing to company headquarters. Testing normal after changing, problem solving.
1 User NAT strategy configuration error;
2 Domain problems between strategy;
3 User routing configuration problem.