Equivalent routing configuration problem causes users access the Internet intermittence.

Publication Date:  2012-09-13 Views:  100 Downloads:  0
Issue Description
User double exports, one to the public network, the leased line connects company headquarters. Network topology is as follows:
                                                          ----10.72.18.1-------10.72.18.2(untrust1)  Company headquarters                    

User’s internal network-----------(trust)USG                         

                                                          -----58.64.145.87-------58.64.145.88(untrust) Internet

The internal network users sometimes can't access the Internet, can’t open the web page.

Alarm Information
None.
Handling Process
1 Through the display NAT - policy interzone trust untrust outbound check trust and untrust of NAT strategy, did not find out the problem;
2 Through the display policy interzone trust untrust outbound check interzone strategy, the default of which is full release:
          policy interzone trust untrust outbound
          firewall default packet-filter is permit
3 Through the display IP routing - table view routing, found two equivalent default routes;
         Destination/Mask    Proto  Pre  Cost     Flags NextHop         Interface
         0.0.0.0/0   Static 60   0          RD  10.72.18.2      GigabitEthernet0/0/1
         Static 60   0          RD  58.64.145.88    GigabitEthernet5/0/0
4 Guide the user to change routing setting, modify the routing to the headquarters of the company network, delete the default routing to company headquarters. Testing normal after changing, problem solving.

Root Cause
1 User NAT strategy configuration error;
2 Domain problems between strategy;
3 User routing configuration problem.
Suggestions
None.

END