Topology: web server－NE40----MA5200F
Users at MA5200 can access server of external network, but cannot access web and mail server of local site. These servers directly attaches at NE40.
1. Check external address through tracert and it is not problematic. Web server of local server 220.127.116.11 reaches MA5200F and then interrupts.
2. Check the route from tMA5200F to 18.104.22.168. It reaches NE40 through default route.
3. Ping the gateway 22.214.171.124 of web server at MA5200F and it cannot be pinged. Open debug ip icmp at NE40 and it is found that NE40 does not receive icmp packet at MA5200F. It is concluded that the route from MA5200F to NE40 is problematic.
4. Check route at NE40 and it is no problematic. MA5200F is problematic.
5. Check configuration at MA5200F:
ip pool pool2 local
gateway 126.96.36.199 255.255.252.0
section 0 188.8.131.52 184.108.40.206
section 1 220.127.116.11 18.104.22.168
Network segment 84 and network segment 87 act as address pool of pppoe. Network segment 86 is not used, user allocates it to web server, but gateway 22.214.171.124 255.255.252.0 has contained network segment 86. MA5200F recognizes network segment 86 at MA5200F, so pppoe cannot access address of network segment 86.
6. Split IP pool pool2 into network segment 84 and network segment 87 and the problem is solved.
The server address belongs to one network segment of address pool at MA5200F. When users at MA5200F access network, packers are not forwarded to device at upstream. So it does not communicate.