Problem Accessing NetEco from a Customer Remote Office on a Different Network Segment

Publication Date: 2017-04-28
Issue Description

The data center network installed inside the data center is a private network
based on access switches only. When traffic from this private network is
connected to the customer's other, public network, which has a router, firewall
and core switch, the video stream cannot be accessed from the customer's public
network. The customer reported this problem.


What is happening to the customer:


1. When the customer logs in to the NetEco system inside the data center, he can
log in from the web successfully, perform all management and maintenance
operations in NetEco and manage alarms. When he tries to log in from the remote
office, he cannot log in, although he can ping the NetEco server IP address from
the remote office network.


2. The customer connects this data center network to their other data center
network and wants traffic from the first data center network to be allowed into
the second. The NetEco server is installed in the first (Huawei) data center,
and the customer office network is connected through the second data center
network.


3. The customer has implemented a NAT IP for the NetEco server. He can ping the
NetEco server IP but cannot log in to the NetEco web client from his remote
office network.


Alarm Information

The customer reported the following problem:

I still cannot log in to the NetEco client from the remote office. It says
network exception, the same message as you were getting.



Handling Process

Diagnostic process:


According to the customer's network design, data center traffic passes through
3 networks, so each step of the network needs to be checked and configured, as
shown in the picture below.


1. The NetEco server is installed in the Huawei data center and is connected to
the access switches, along with all ECCs.


2. This network is then connected to the GTMH Telecom DC, which has a router,
firewall and switch.


3. The GTMH Telecom data center network is then connected to the customer remote
office network, which can access all other networks in the customer's remote
office NOC room.


4. Apart from the network configuration, the HTTPS port also needs to be allowed
in the firewall so that NetEco traffic can pass through to NetEco.


5. Configure the NAT IP on the router, defining the port and protocol, to allow
traffic through the router.



Root Cause

The customer had configured a NAT IP for address translation but had not opened
the HTTPS port in the firewall, so the firewall was blocking the traffic. They
could ping the NetEco server IP address but still could not log in to NetEco,
because traffic to HTTPS port 31943 was blocked from passing through the GTMH
Telecom data center.

Here is the NAT configuration:

chain=dstnat action=dst-nat to-address=192.168.8.11 to-ports=31943
protocol=tcp dst-address=103.213.228.130 dst-address-list=103.213.228.130
in-interface=sfp1 dst-port=31943 log=no log-prefix=""
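
A check that separates the two symptoms in this case (ping succeeds, login fails), added here as an example and not part of the original case or of NetEco: it makes one TCP connection to port 31943 and reports whether the port is open, filtered or refused. The function names and the host argument are assumptions.

```python
import errno
import socket
import sys

NETECO_PORT = 31943  # NetEco HTTPS port named in the root cause above


def classify(exc):
    """Map the outcome of one connect() attempt to a port state."""
    if exc is None:
        return "open"          # handshake completed: NAT and firewall pass the port
    if isinstance(exc, (socket.timeout, TimeoutError)):
        return "filtered"      # SYN dropped silently: no allow rule on a firewall in the path
    if isinstance(exc, ConnectionRefusedError):
        return "refused"       # RST returned: path is open, NAT target or service is wrong
    if isinstance(exc, OSError) and exc.errno in (errno.ENETUNREACH, errno.EHOSTUNREACH):
        return "unreachable"   # routing problem rather than a port problem
    return "error"


def probe(host, port=NETECO_PORT, timeout=3.0):
    """Attempt one TCP connection and return (state, detail)."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return classify(None), "TCP handshake completed"
    except OSError as exc:
        return classify(exc), str(exc)


HINTS = {
    "open": "port reachable; a login failure now lies above the network layer",
    "filtered": "ICMP may pass while TCP is dropped: allow this port on the firewall",
    "refused": "packets arrive; check the dst-nat to-address/to-ports and the service",
    "unreachable": "no route to the NAT address from this segment",
    "error": "unexpected socket error; see detail",
}


def diagnose(state):
    """Return the follow-up action for a port state."""
    return HINTS[state]


if __name__ == "__main__":
    target = sys.argv[1]  # NAT address of the NetEco server, supplied by the operator
    state, detail = probe(target)
    print(f"{target}:{NETECO_PORT} {state} ({detail}) -> {diagnose(state)}")
```

Run it from the remote office network against the NAT address; a "filtered" result together with a successful ping matches the root cause described above.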



Solution


The network can also be set up by configuring routing on the router and
firewall, but that requires a network engineer to configure it and route the
NetEco server IP, which is in the private network, to the other data center
network.
