a customer's web server is unable to access, ping the server address did not passed.
We can check the routing first,examined the route configuration and the routing that effective actually.
Uses "disp cur | inc ip rout" examines the static routing configuration,
Uses "disp ip routing" to examine the static routing and valid routing,
When the routing list item is very many, is takes a long time to find the aimed routing, use the filtrate condition to screen the route, here we introduces another method to troubleshoot route question.
Config a acl
acl number 3330
rule 5 permit ip destination 18.104.22.168 0
Under user view
<usg2210>debug ip packet-trace acl 3330
and then the following output:
*0.114939110 USG2200 DEBUG/7/Debug_trace:
Datetime: 2012/12/13 15:38: 7
Debug type: CPU debug trace.
4996: 22.214.171.124: 43990--> 126.96.36.199: 2048,1, EthType:0x800, Len:84, MF:0, Offset:0.
packet passed valid check.
receive from G0/0/0 zone:trust VFW<public>
search route (188.8.131.52--> 184.108.40.206) in VFW<public>
no route, packet dropped.
by this infomation we can known the packet was discarded because of no routing.
The reson that the server does not service may be the follow seasons:
it may be related to network link, network equipment, server etc,generally the suggestion step is check the network first, and then check the network equipment, gradually reduction scope, for example: check the route first, uses the ping determination route whether may reach, if cannot reach uses the tracert determination where route to interrupt, if the route may reach further confirmed the equipment again and access strategy of essential node. Essential node is NAT gateway, firewall and so on.
Using packet tracing can inspect the packet drop reason in equipment, it is suggested to use when troubleshooting the transmitting failed breakdown.