To have a better experience, please upgrade your IE browser.upgrade
Questo sito utilizza cookie di profilazione (propri e di terze parti) per ottimizzare la tua esperienza online e per inviarti pubblicità in linea con le tue preferenze. Continuando a utilizzare questo sito senza modificare le tue preferenze acconsenti all’uso dei cookie. Se vuoi saperne di più o negare il consenso a tutti o ad alcuni cookie clicca qui>
The website that you are visiting also provides Arabian language. Do you wish to switch language version?
يوفر موقع الويب الذي تزوره المحتوى باللغة العربية أيضًا. هل ترغب في تبديل إصدار اللغة؟
The website that you are visiting also provides Russia language Do you wish to switch language version?
Данный сайт есть в английской версии. Желаете ли Вы перейти на английскую версию?
Networking: PC (Intranet) ---------- third-party firewall ------- Internet ------- E1000E-X3---------SSL-VPN server
An IPSec tunnel was set up between the third-party firewall and Huawei firewall E1000E-X3.
The nat-policy interzone trust untrust outbound was applied so that hosts could access the Internet. No-NAT was applied to communication between private network addresses.
An intranet PC could telnet the SSL-VPN server but the SSL-VPN failed to telnet the intranet PC.
After the SSL-VPN server tried to telnet an Intranet PC, engineers ran dis firewall session table destination inside 10.****** to query session information and corresponding session information was displayed.
Tracert tests succeeded from the SSL-VPN server and the public address of the uplink interface on E1000E-X3.
On E1000E-X3, pinging the intranet PC using the SSL-VPN server address as the source address succeeded.According to the tracert results, the second and third hops were numbered xxx, and the fourth hop was the destination address.
Huawei performed the following operations to address the problem:
1. Found that the E1000E did not bar the remote access packets and sessions could be set up properly.
2. Checked the IPSec information and found that VPN channels were set up properly.
3. Found that tracert succeeded to the public address.
4. Checked outbound NAT policy configurations.
nat-policy interzone trust untrust outbound
policy source 10.************
policy source 10.*************
policy destination 10.**********
Configure policy 1 and then policy 6.nat-policy interzone trust untrust outbound