But NE40 has no ACL 113. As applying the route policy, NE40 is configured to filter out all the direct connecting route and static route.
Before configuration, the reason that the NAT succeeds is because the configured black hole route is allocated onto the peer C12000 successfully, to solve the problem that the network segment has no returning route. After doing this error route policy, the uplilnk C12000 cannot learn the route of this network segment, so NAT cannot find the return route after traveling out, and the users cannot go on line.
Till now, the malfunction source is found out. Configure NE40 correctly and the malfunction is solved.
1.check the data configuration on MA5200, there is no abnormal condition, and the underlying users can acquire the correct private network addresses. As open any page, fail in communicating with DNS and Portal server, but MA5200 adds these addresses into the accessable list of failing in communicating users.