No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

USG Internet disconnect

Publication Date:  2017-08-11 Views:  412 Downloads:  0
Issue Description

In the network, there are two interfaces connected out to internet and one interface to its Hub.

Terminals in the network can't connect to internet.

Handling Process

1.check the nat policy and security policy on firewall

  nat policy is ok and the secrurity policy used default action permit.

2.tracert on terminal to internet

  to see the last hop is not an internal ip address out the network.

3.check the routes on the firewall

  ip route-static 0.0.0.0 0.0.0.0 x.x.x.x(an internet IP) Gx/x/x

  ip route-static 0.0.0.0 0.0.0.0 y.y.y.y(an internet IP) Gy/y/y preference 200

  ip route-static 0.0.0.0 0.0.0.0 z.z.z.z(an internal IP) Gz/z/z

 

   dispaly ip route
        0.0.0.0/0   Static  60   0          RD   x.x.x.x(an internet IP)   Gx/x/x

                    Static  60   0          RD   z.z.z.z(an internal IP)   Gz/z/z

 4.delete the route , the network recovered.

         ip route-static 0.0.0.0 0.0.0.0 z.z.z.z(an internal IP) Gz/z/z

 

Root Cause

In this network,there are two isovalent active default routes, but one path is not to internet.So,the terminal can not connect to internet when it choose the second path. This is a customer's configuration mistake.

Solution

Advised customer to create a detail route instead of a default route to its HQ.

 

 

Suggestions

In the multi-export network, the routes are advised create detailedly.

END