Some information on the customer's Web site can be displayed only after sub-link address resolution. The customer's network has two egresses. The USG5350 maps the internal server main site and sub-link sites to the public network. However, only the Web page of the main site can be displayed, but the login page of a sub link cannot be displayed.
The networking diagram and the abnormal Web page are shown as follows:
<a pic deleted here>
DNS VPN: public -> public 172.23.38.20:24268-->10.18.110.3:53
DNS VPN: public -> public 172.23.38.20:24201-->10.18.110.3:53
ip address 188.8.131.52 255.255.255.252 address pool: nat address-group 21 184.108.40.206 220.127.116.11 mapped main page address and the sub-link address:
nat server global 18.104.22.168 inside 10.18.110.3
nat server global 22.214.171.124 inside 10.18.110.4
The configuration information indicates that the mapped public address and the egress address is on the same network segment. Packets accessing the page are forwarded from 0/0/2.
The default route is checked.
ip route-static 0.0.0.0 0.0.0.0 GigabitEthernet0/0/2 126.96.36.199
ip route-static 0.0.0.0 0.0.0.0 GigabitEthernet0/0/3 188.8.131.52
One route points to the Internet, and the other points to the education network. Because the inbound packet forwarding path is inconsistent with the outbound packet forwarding path, the user fails to open the sub link.