2631 cannot communicate with the internet address after configuring

Publication Date:  2012-07-27 Views:  96 Downloads:  0
Issue Description
2631 configures NATadopting the address pool and ACL association. It is normal for the private network to access Internetbut the Internet cannot communicate with Internet address of 2631, and 2631 cannot communicate with other addresses of Internet.

Alarm Information
No

Handling Process
Amend ACLchange the matching network segment in rule to the private network address rangeSuch as
only allow the network segment of 192.168.0.0/24 to be switched by NAT

rule permit source 192.168.0.0 0.0.0.255
after amending, 2631 can communicate with the other addresses of Internet.


Root Cause
The ACL list associating with NAT address pool isrule permit source anyit means all the IP packet source addresses from the Interface are switched to the addresses in NAT address pool by NAT, including icmp echo and reply packetsso the addresses in the Ping packets echo and reply connecting with 2631 Internet interface are not consistentone is the interface addressanother is the address in NAT address pool),so it cannot be communicated.

END