Ping the address of the segment of operator C from dial-in access public network of operator D and it cannot be pinged. Tracert the result and multi-hop address is the same address.
C: \Documents and Settings> tracert xx.xxx.218.66
Tracing route to xx.xxx.218.66 over a maximum of 30 hops
1 131 ms 129 ms 129 ms xx.xxx.152.6
2 130 ms 130 ms 129 ms xx.xxx.152.30
11 200 ms 190 ms 199 ms xx.xxx.0.5
12 200 ms 190 ms 189 ms xx.xxx.31.246
13 190 ms 190 ms 190 ms xx.xxx.3.46 (RT)
14 170 ms 169 ms 170 ms xxx.91.74.100 (address of firewall connecting egress of external network)
15 170 ms 170 ms 170 ms xxx.91.74.100
16 * * * Request timed out.
PC--S6506--NE40--firewall--egress of external network
RT (router of other companies)-- ingress of external network
1. Check the path. The response address before tracert to RT is normal, but there is no link from RT to firewall. There is firewall address, but the next-hop of the route is not firewall.
2. Check route on NE40 and it is found that route match of tracert source address points to static rotue of firewall. Static route of corresponding configured address on NE40 points to RT. Execute ping snd tracer, and it is reachable.
3. Check firewall configuration and it is found that client has made NAT transformation of public network address on firewall. Th problem is located. The source address of response packet is changed on firewall, tracert sender does not receive response of destination address.
Execute ping and tracert. Only when source address of received response packet of the device is destination address, it is reachable. Operator C sets route to packet to operator D and sends it to the firewall, and then pass egress of external network. Execute tracert command and response packets on three next-hop devices from NE40 pass the firewall. The firewall transforms the source address of packets. After executing ping and tracert commands, the source address of response packets is transformed address. There is no response after executing ping and tracert, and multi-hop is the same address with tracert command.