Solving the address conflict problem when deploying the SVN3000

Publication Date: 2012-10-22
Issue Description
The customer's topology is as follows: an SVN3000 is deployed at the network egress and connects to two internal network segments, one through L3 switches and the other through L2 switches. Both internal networks use the same address range. Because the whole SVN3000 shares a single routing table, the overlapping addresses of the protected internal networks behind it make networking difficult, and the required routes cannot be configured.
Alarm Information
None.
Handling Process
SVN3000 key configuration:
L3 switch configuration:
  vlan 10     ip=1.1.1.0/24
  vlan 20     ip=100.1.1.2/24
  Add route:
    ip route-static 15.1.1.0 255.255.255.0 100.1.1.2 preference 60
SA Server 1.1.1.56:
  Add route:
    route add 15.1.1.0 mask 255.255.255.0 1.1.1.55
BA Server 1.1.1.56:
  Add route:
    route add 9.99.1.0 mask 255.255.255.0 100.100.100.1
SVN3000:
  SA virtual gateway virtual address pool 15.1.1.10 – 15.1.1.20/24
  BA virtual gateway virtual address pool 9.99.1.10 – 9.99.1.20/24
  Create ACL:
    [SVN3000-acl-basic-2001]rule 1 permit source 15.1.1.0 0.0.0.255
  Create policy-based routing:
    [SVN3000-route-policy-vt2-1]if-match acl 2001
    [SVN3000-route-policy-vt2-1]apply ip-address next-hop 100.1.1.1
  Apply policy-based routing:
    [SVN3000]ip local policy route-policy vt2
Root Cause
Configuration idea: the problem can be solved by combining the network expansion function with policy-based routing, both available among the SVN3000's C02 features.
In this scenario, two internal networks sit behind the SVN3000, and both use the same network segment (1.1.1.56/24).
Remote-access users of the SVN3000 are divided into two groups (SA, BA). After remote access, clientA users must be able to reach the SA internal network, and clientB users must be able to reach the BA internal network.
The approach is to create two virtual gateways on the SVN3000, with clientA users and clientB users logging in to different virtual gateways. The difficulty is that routes to the internal networks cannot be configured on the SVN3000: its virtual gateways share one routing table, while this scenario requires routes with the same destination network but different next hops.
The solution is to enable the network expansion function on the SVN3000. The SA and BA virtual gateways use different virtual IP network segments, and policy-based routing then selects the route according to the source IP address of each packet.
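The forwarding decision described above, modelled in Python as an added example (not Huawei's code and not part of the original case). It also checks that the two virtual address pools stay disjoint, since the split depends entirely on the source address. The addresses and the next hop 100.1.1.1 come from the configuration on this page; the function names and the "BA-side (assumed)" routing-table entry are assumptions.

```python
import ipaddress

# Values from the configuration on this page.
INTERNAL = ipaddress.ip_network("1.1.1.0/24")   # segment used behind both SA and BA
SA_POOL = ipaddress.ip_network("15.1.1.0/24")   # matched by ACL 2001
BA_POOL = ipaddress.ip_network("9.99.1.0/24")
PBR_RULES = [(SA_POOL, "100.1.1.1")]            # if-match acl 2001 / apply next-hop

# Assumption: the shared routing table reaches 1.1.1.0/24 on the other (BA) side.
# The label is hypothetical; a destination-keyed table can hold only one such entry.
ROUTING_TABLE = {INTERNAL: "BA-side (assumed)"}


def next_hop(src, dst):
    """Return the next hop: source-based policy first, then the routing table."""
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for source_net, hop in PBR_RULES:
        if src_ip in source_net:
            return hop
    matches = [net for net in ROUTING_TABLE if dst_ip in net]
    if not matches:
        return None
    return ROUTING_TABLE[max(matches, key=lambda net: net.prefixlen)]


def pool_problems(pools, internal=INTERNAL):
    """List overlaps that would make the source-based split ambiguous."""
    problems = []
    names = sorted(pools)
    for i, a in enumerate(names):
        if pools[a].overlaps(internal):
            problems.append(f"{a} pool overlaps internal segment {internal}")
        for b in names[i + 1:]:
            if pools[a].overlaps(pools[b]):
                problems.append(f"{a} and {b} pools overlap")
    return problems


if __name__ == "__main__":
    for client in ("15.1.1.10", "9.99.1.10"):   # first address of each pool
        print(client, "-> 1.1.1.56 via", next_hop(client, "1.1.1.56"))
    print(pool_problems({"SA": SA_POOL, "BA": BA_POOL}) or "pools are disjoint")
```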
Suggestions
1. Combining policy-based routing with the network expansion function solves the problem of overlapping internal network addresses. It has no effect when combined with the port forwarding, web proxy, or file sharing functions.
2. The policy-based routing function cannot be configured through the Web interface.
