No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>

Reminder

To have a better experience, please upgrade your IE browser.

upgrade
MENU

NAT swithes unsuccessfully when dialer interface is down in multi-exit networking

Publication Date:  2012-09-17 Views:  381 Downloads:  0
Issue Description
There are three dialer interface to public network on USG2000 configuration, when the first Dialer2 interface is down, internal network can not access public network. Configuration as follow:
#
interface Vlanif2
pppoe-client dial-bundle-number 2      
#
interface Vlanif3
pppoe-client dial-bundle-number 3
#
interface Vlanif4
pppoe-client dial-bundle-number 4
#
interface Cellular5/0/0
link-protocol ppp
#
interface Ethernet0/0/0
pppoe-client dial-bundle-number 1
#
ip route-static 0.0.0.0 0.0.0.0 Dialer1
ip route-static 0.0.0.0 0.0.0.0 Dialer4
ip route-static 0.0.0.0 0.0.0.0 Dialer2
ip route-static 0.0.0.0 0.0.0.0 Dialer3
#
policy-based-route 2 permit node 1
  if-match acl 2000
  apply output-interface Dialer2
policy-based-route 2 permit node 2
  if-match acl 2000
  apply output-interface Dialer3
policy-based-route 2 permit node 3
  if-match acl 2000
  apply output-interface Dialer4
#
nat-policy interzone trust untrust outbound
policy 0
  action source-nat
  policy source 192.168.1.0 mask 255.255.255.0
  easy-ip Dialer1
#
nat-policy interzone trust untrust1 outbound
policy 0
  action source-nat
  policy source 192.168.1.0 mask 255.255.255.0
  easy-ip Dialer2
#
nat-policy interzone trust untrust2 outbound
policy 0
  action source-nat
  policy source 192.168.1.0 mask 255.255.255.0
  easy-ip Dialer3
#
nat-policy interzone trust untrust3 outbound
policy 0
  action source-nat
  policy source 192.168.1.0 mask 255.255.255.0
  easy-ip Dialer4
Alarm Information
none
Handling Process
1. Use internal PC access public network and check conversation:
tcp  VPN:public --> public  Zone: trust--> untrust1  TTL: 00:00:05  Left: 00:00:00
  Interface: Dialer2  NextHop: 0.0.0.0  MAC: 00-00-00-00-00-00
  <--packets:0 bytes:0   -->packets:1 bytes:48
  192.168.1.248:53469[0.0.0.0:2143]-->112.95.240.11:443
http  VPN:public --> public
  Zone: trust--> untrust1  TTL: 00:00:05  Left: 00:00:00
  Interface: Dialer2  NextHop: 0.0.0.0  MAC: 00-00-00-00-00-00
  <--packets:0 bytes:0   -->packets:1 bytes:48
  192.168.1.248:53470[0.0.0.0:2174]-->112.95.240.11:80
  Packet still go out from dialer interface,  policy-based routing is also function, but the interface is down ,so switch address is 0.0.0.0.
And switch fail.
2. Physical interface is down but dialer interface is still up when it is multi-exit interface, policy-based routing is working. We must configure ip-link check to make sure interface switch successfully. Or change the  policy-based routing;
policy-based-route 2 permit node 1
  if-match acl 2000
  apply output-interface Dialer2
Root Cause
1. Configuration problem
2. Product characteristic
3. other
Suggestions
none

END

Contribute Articles
Huawei Enterprise APP

Copyright © 2019 Huawei Technologies Co., Ltd. All rights reserved.