Unable to reach management interface G0/0/0 in V5R1

Publication Date:  2016-12-20 Views:  557 Downloads:  0
Issue Description

Take in consideration below topology. On USG is running V5R1.

G0/0/0 is management interface. It is configured like below. Gateway is AR1.

interface GigabitEthernet0/0/0

undo shutdown

ip binding vpn-instance YYY

ip address X.X.29.209 255.255.255.252

gateway X.X.29.210

service-manage http permit

service-manage https permit

service-manage ping permit

service-manage ssh permit

service-manage snmp permit

service-manage telnet permit

service-manage netconf permit

As you know, after we use command gateway X.X.29.210 when parameter no-route is not specified (as in our example) a default route with its protocol as Gateway is generated. The next hop is the gateway address specified on the interface. The route configuration command (ip route-static) is not automatically generated when the device delivers route entries. You cannot use undo ip route-static command to delete the static route.

If we check the configuration, a default route has been generated with next hop gateway.

If we try to ping the USG from AR1 is working but if we try to ping the USG from Internet is not working. Ping from Internet to AR1 is working. 

Solution

It seems that on V5R1 by default, G0/0/0 is bound to default vpn-instance.

The easy solution in this case is to remove the default configuration "ip binding vpn-instance YYY" under interface G0/0/0. After, the connection from Internet towards USG will work.

END