No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search


To have a better experience, please upgrade your IE browser.


TTL expired is whose error?

Publication Date:  2012-09-13 Views:  1420 Downloads:  0

Issue Description

 A customer network:
                                     |         |          |

DMZ area has several Servers, PC access to all Server applications, normally. But when Ping Server, it returns "TTL expired in transit"

Alarm Information


Handling Process

1. Recommend customer change all into one-to-one mapping. Public IP problem, customer can’t accept it.
2. Increase nat server protocol icmp global IP_A inside IP_B vrrp 3  , to solve the routing loop problem.

Root Cause

 The default network data packet TTL value is 16, means that a date packet after passing 16 routers or the PCs that have set routing function still can not successfully reach the destination, the packet will be discarded, and this is TTL expired.
1. According to the above, suspect network loop firstly. Disconnect the main and standby line respectively, the problem as for old, exclude two-node cluster problem.
2. Further testing, and found that some of the Servers can Ping, part can’t Ping.
Analysis NAT Server configuration, finally found the cause of the problem:
nat server protocol tcp global IP_A 80 inside IP_B 80 vrrp 3       --------port mapping
nat server protocol global IP_C inside IP_D vrrp 3                        -------- one-to-one address mapping
PC Ping IP_C is the ICMP registration mapped into IP_D,it can Ping; PC Ping IP_A, no ICMP mapping, routing back SW1 .There is a loop between SW and USG ,so it can’t Ping.


 This configuration problem is generally exist, most peer vendor products do like this. It does not belong to the BUG.
Configure a black-hole route on the USG can also resolves this problem. the result of the Ping is changed into Time out.