After the full tunnel is configured, remote users cannot access the local or external network

Publication Date: 2012-10-18
Issue Description
Version information: svn3000V100R002C01B014
Networking profile:
|—————————|                                            svn3000
|      Local server          |                                                   |
|                                    |-------internet-----enterprise internal network server------ enterprise internal network server
|          client              |                      |
|—————————|             external network server 
Fault symptom: external network users who log in to the svn3000 virtual gateway through the client can access internal network resources, but cannot access the remote user's local internal network or the external network server.
Alarm Information
None.
Handling Process
When the network extension function is enabled, the administrator can choose among different routing modes to control which resources users can access.
Network extension has three routing modes: full tunnel mode, separation routing mode, and manual routing mode. The routing table entries generated on the user's PC differ in each mode. In full tunnel mode, packets destined for the local network, the external network, and the remote enterprise network are all forwarded through the virtual network adapter, so the user can access only the remote enterprise network. In separation routing mode, packets destined for the local network are forwarded through the real NIC, so the user can access the local network and the remote enterprise network. In manual routing mode, packets destined for the local network and the external network are forwarded through the real NIC, so the user can access the local network, the external network, and the remote enterprise network resources.
Root Cause
Configuring full tunnel mode for the svn3000 network extension function creates a virtual network adapter on the remote user's PC. The routing table then contains separate entries for the PC's real network adapter and the virtual network adapter, as shown below:
network destination   netmask          gateway        interface      metric
0.0.0.0               0.0.0.0          172.16.0.14    172.16.0.14    1
172.16.0.0            255.255.255.0    172.16.0.14    172.16.0.14    30
192.168.0.0           255.255.255.0    192.168.0.2    192.168.0.2    10
192.168.0.0           255.255.255.0    172.16.0.14    172.16.0.14    1
As shown above, packets destined for the external network are forwarded through the virtual network adapter (IP address 172.16.0.14). The virtual network adapter is valid only for the virtual gateway, so in full tunnel mode external network resources cannot be accessed. There are two routes to the local internal network: the entry that forwards through the real network adapter (IP address 192.168.0.2) has a metric of 10, and the entry that forwards through the virtual network adapter has a metric of 1, so the route through the virtual network adapter is chosen. However, the virtual IP address is not valid on the local network, so in full tunnel mode the local network cannot be accessed.
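The route selection described above can be checked directly. The following Python sketch is an added example, not part of the original case or the product's own tooling: it parses the routing table shown above, applies longest-prefix-then-lowest-metric selection, and lists real-NIC routes that are overridden by the virtual adapter. The function names are hypothetical.

```python
import ipaddress

# Routing table rows from the page: destination, netmask, gateway, interface, metric.
ROUTE_TABLE = """\
0.0.0.0      0.0.0.0        172.16.0.14  172.16.0.14  1
172.16.0.0   255.255.255.0  172.16.0.14  172.16.0.14  30
192.168.0.0  255.255.255.0  192.168.0.2  192.168.0.2  10
192.168.0.0  255.255.255.0  172.16.0.14  172.16.0.14  1
"""
VIRTUAL_ADAPTER = "172.16.0.14"  # virtual network adapter address given on the page


def parse_routes(text):
    """Turn whitespace-separated route rows into dicts; skip malformed rows."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue
        dest, mask, gateway, iface, metric = fields
        routes.append({
            "net": ipaddress.ip_network(f"{dest}/{mask}"),
            "gateway": gateway,
            "iface": iface,
            "metric": int(metric),
        })
    return routes


def select_route(routes, destination):
    """Longest prefix wins; among equal prefixes the lowest metric wins."""
    addr = ipaddress.ip_address(destination)
    matches = [r for r in routes if addr in r["net"]]
    if not matches:
        return None
    return max(matches, key=lambda r: (r["net"].prefixlen, -r["metric"]))


def shadowed_real_routes(routes):
    """Real-NIC routes that lose to a virtual-adapter route for the same network."""
    return [
        r for r in routes
        if r["iface"] != VIRTUAL_ADAPTER and any(
            v["iface"] == VIRTUAL_ADAPTER and v["net"] == r["net"]
            and v["metric"] < r["metric"] for v in routes)
    ]


ROUTES = parse_routes(ROUTE_TABLE)
```

Calling select_route(ROUTES, ...) with any address in 192.168.0.0/24 returns the metric 1 entry on 172.16.0.14, and shadowed_real_routes(ROUTES) returns the 192.168.0.2 entry that it overrides.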
Suggestions
None.