After a user enables network extension on the PC and obtains virtual IP address 220.127.116.11/24, the user cannot access the intranet server resource 18.104.22.168/24 through the network extension service on the PC.
Figure 1 Typical networking of network extension
Figure 2 Troubleshooting flowchart for the network extension fault
Cause one: The network connection is faulty.
Run the ping command to check the routes among various NEs. If a certain NE cannot be pinged through, check the network connection. If the network connection is normal, but there is no reachable route, add the corresponding route.
The route to the intranet server is not configured on the SVN3000.
Click Network Management
in the System Management
navigation tree, and then click the Static Route Configuration
tab. Click Add
to add a static route, as shown in Figure 3
Figure 3 Adding a route
There is no reachable route to the virtual IP address of network extension on the intranet server.
Add a route whose destination IP address is 22.214.171.124/24 and next-hop IP address is 126.96.36.199 on the FTP server.
The route to the virtual IP address of network extension is not configured on the routing device between the SVN3000 and intranet server.
Add a route whose destination IP address is 188.8.131.52/24 and next-hop IP address is 184.108.40.206 on the switch.
Cause two: The intranet server is not configured as the network extension resource on the SVN3000.
Log in to the Web-based NMS, and then click Network Extension in the Virtual Gateway List navigation tree.
Check the routing mode of the client:
If the routing mode of the client is Split tunnel or Full tunnel, this cause can be excluded. In this case, perform cause three.
If the routing mode of the client is Manual tunnel, check whether network segment 220.127.116.11/24 is configured. If the network segment is not configured, add it.
Cause three: The access control policies on the SVN3000 do not allow the user to access the network extension resource.
Click Policy Configuration in the Virtual Gateway List navigation tree. Click the User Policy tab to check whether there is a destination IP policy that prevents the user from accessing the intranet server resource. If there is such a policy, delete it.
Click the Group Policy tab to check whether there is a destination IP policy that prevents the group (to which the user belongs) from accessing the intranet server resource. If there is such a policy, delete it.
Click Role Configuration in the Virtual Gateway List navigation tree. Click of the role and select Resource Association and then Network extension to check whether network extension is enabled for the role to which the user belongs. If network extension is disabled, enable the network extension of the role.