The users of the private network cannot access the Internet server due to the incorrect mask configuration.

Publication Date:  2012-07-27 Views:  61 Downloads:  0
Issue Description


Description:the NAT users under NE40 cannot access some Internet server under NE80,but the other Internet access is normal.

Alarm Information


Handling Process

1the configuration is correct,the users can go on line normally,so does the Internet server.

2recheck the configuration, and detect the address of NAT address pool and Interface server is similar, so we hesitate the Internet server mask is too large. After check, ensure the condition. So the packets of the Internet server cannot be forwarded to NE40.

3reconfigure the mask of the Internet server correct the problem is solved. 

Root Cause
The address pool of NAT is 211.*.2*0.33, the server address is 211.*.2*0.100, the mask is address of the server and that of the NE40 NAT address pool belong to the same network segment. As the users access these servers, because NE40 does NATso the source address used by the packet received by the server is that of the NAT address pool. As the server responds the users, it thinks the users and itself belong to the same network segment, it will send ARP request, instead of sending the packets to gateway NE80 to forward. These ARP packets are impossible to be received, so the NAT users cannot communicate with the server, while the other Internet access is normal.