The Intranet Server Resource Cannot Be Accessed Through the Network Extension Service

Publication Date:  2012-07-18 Views:  121 Downloads:  0
Issue Description
After a user enables network extension on the PC and obtains virtual IP address 15.1.1.32/24, the user cannot access the intranet server resource 9.1.2.101/24 through the network extension service on the PC.
Figure 1 Typical networking of network extension

Alarm Information
None
Handling Process
Figure 2 Troubleshooting flowchart for the network extension fault

Cause one: The network connection is faulty.

Run the ping command to check the routes among various NEs. If a certain NE cannot be pinged through, check the network connection. If the network connection is normal, but there is no reachable route, add the corresponding route.

  • The route to the intranet server is not configured on the SVN3000.
    Click Network Management in the System Management navigation tree, and then click the Static Route Configuration tab. Click Add to add a static route, as shown in Figure 3.
    Figure 3 Adding a route

    • There is no reachable route to the virtual IP address of network extension on the intranet server.

      Add a route whose destination IP address is 15.1.1.0/24 and next-hop IP address is 9.1.2.10 on the FTP server.

    • The route to the virtual IP address of network extension is not configured on the routing device between the SVN3000 and intranet server.

      Add a route whose destination IP address is 15.1.1.0/24 and next-hop IP address is 9.1.1.9 on the switch.

     

    • Cause two: The intranet server is not configured as the network extension resource on the SVN3000.

       

      1. Log in to the Web-based NMS, and then click Network Extension in the Virtual Gateway List navigation tree.
      2. Check the routing mode of the client:
        • If the routing mode of the client is Split tunnel or Full tunnel, this cause can be excluded. In this case, perform cause three.
        • If the routing mode of the client is Manual tunnel, check whether network segment 9.1.2.0/24 is configured. If the network segment is not configured, add it.

       

    • Cause three: The access control policies on the SVN3000 do not allow the user to access the network extension resource.

       

      1. Click Policy Configuration in the Virtual Gateway List navigation tree. Click the User Policy tab to check whether there is a destination IP policy that prevents the user from accessing the intranet server resource. If there is such a policy, delete it.
      2. Click the Group Policy tab to check whether there is a destination IP policy that prevents the group (to which the user belongs) from accessing the intranet server resource. If there is such a policy, delete it.
      3. Click Role Configuration in the Virtual Gateway List navigation tree. Click  of the role and select Resource Association and then Network extension to check whether network extension is enabled for the role to which the user belongs. If network extension is disabled, enable the network extension of the role.

       

Root Cause

Cause one: The network connection is faulty.

Cause two: The intranet server is not configured as the network extension resource on the SVN3000.

Cause three: The access control policies on the SVN3000 do not allow the user to access the network extension resource.

 NOTE:
If the accessed resource is in the format of a domain name, you need to check whether the DNS server is correctly configured on the virtual gateway.
Suggestions
None.

END