Policy-based routing prevents PCs from accessing the web server by its private network address

Publication Date: 2012-11-09
Issue Description
PCs on the customer's internal network cannot open the web page when they access the web server by its private network address.


Alarm Information
None.
Handling Process
The policy-based routing configuration on the NE20-4 is as follows:
acl number 3001
rule 10 permit ip source 192.168.0.0 0.0.255.255
#
traffic classifier neiwang
if-match acl 3001
#
traffic behavior neiwang
remark ip-nexthop 10.1.1.2 GigabitEthernet1/0/1
#
traffic policy neiwang1
classifier neiwang behavior neiwang
#


interface GigabitEthernet1/0/0
description link-down IPS
ip address 192.168.0.1 255.255.0.0
traffic-policy neiwang1 inbound

Modify the configuration of ACL 3001 to:
acl number 3001
rule 5 deny ip destination 172.16.0.0 0.0.0.255
rule 10 permit ip source 192.168.0.0 0.0.255.255

After a deny rule is added to ACL 3001, traffic whose destination is the server network segment no longer matches the policy-based routing, so traffic from the internal network PCs to the server network segment is forwarded by the other routes. The priority of policy-based routing is higher than that of all other routes.
Root Cause
Because the customer configured policy-based routing on the NE20-4, packets whose source address is in the 192.168.0.0 network segment matched the policy-based routing first, and the other routes (static routes, default route) could never be matched. As a result, the web service could not be accessed.
Suggestions
When configuring policy-based routing, pay attention to the network segments matched by the ACL. Addresses that must not match the policy-based routing must be denied in the ACL.
