No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade
MENU
Knowledge Base

NAT swithes unsuccessfully when dialer interface is down in multi-exit networking

Publication Date:  2012-09-17  |   Views:  579  |   Downloads:  0  |   Author:  SU1000864011  |   Document ID:  EKB1000014976

Contents
Issue Description Alarm Information Handling Process Root Cause Suggestions

Issue Description

There are three dialer interface to public network on USG2000 configuration, when the first Dialer2 interface is down, internal network can not access public network. Configuration as follow:
#
interface Vlanif2
pppoe-client dial-bundle-number 2      
#
interface Vlanif3
pppoe-client dial-bundle-number 3
#
interface Vlanif4
pppoe-client dial-bundle-number 4
#
interface Cellular5/0/0
link-protocol ppp
#
interface Ethernet0/0/0
pppoe-client dial-bundle-number 1
#
ip route-static 0.0.0.0 0.0.0.0 Dialer1
ip route-static 0.0.0.0 0.0.0.0 Dialer4
ip route-static 0.0.0.0 0.0.0.0 Dialer2
ip route-static 0.0.0.0 0.0.0.0 Dialer3
#
policy-based-route 2 permit node 1
  if-match acl 2000
  apply output-interface Dialer2
policy-based-route 2 permit node 2
  if-match acl 2000
  apply output-interface Dialer3
policy-based-route 2 permit node 3
  if-match acl 2000
  apply output-interface Dialer4
#
nat-policy interzone trust untrust outbound
policy 0
  action source-nat
  policy source 192.168.1.0 mask 255.255.255.0
  easy-ip Dialer1
#
nat-policy interzone trust untrust1 outbound
policy 0
  action source-nat
  policy source 192.168.1.0 mask 255.255.255.0
  easy-ip Dialer2
#
nat-policy interzone trust untrust2 outbound
policy 0
  action source-nat
  policy source 192.168.1.0 mask 255.255.255.0
  easy-ip Dialer3
#
nat-policy interzone trust untrust3 outbound
policy 0
  action source-nat
  policy source 192.168.1.0 mask 255.255.255.0
  easy-ip Dialer4

Alarm Information

none

Handling Process

1. Use internal PC access public network and check conversation:
tcp  VPN:public --> public  Zone: trust--> untrust1  TTL: 00:00:05  Left: 00:00:00
  Interface: Dialer2  NextHop: 0.0.0.0  MAC: 00-00-00-00-00-00
  <--packets:0 bytes:0   -->packets:1 bytes:48
  192.168.1.248:53469[0.0.0.0:2143]-->112.95.240.11:443
http  VPN:public --> public
  Zone: trust--> untrust1  TTL: 00:00:05  Left: 00:00:00
  Interface: Dialer2  NextHop: 0.0.0.0  MAC: 00-00-00-00-00-00
  <--packets:0 bytes:0   -->packets:1 bytes:48
  192.168.1.248:53470[0.0.0.0:2174]-->112.95.240.11:80
  Packet still go out from dialer interface,  policy-based routing is also function, but the interface is down ,so switch address is 0.0.0.0.
And switch fail.
2. Physical interface is down but dialer interface is still up when it is multi-exit interface, policy-based routing is working. We must configure ip-link check to make sure interface switch successfully. Or change the  policy-based routing;
policy-based-route 2 permit node 1
  if-match acl 2000
  apply output-interface Dialer2

Root Cause

1. Configuration problem
2. Product characteristic
3. other

Suggestions

none
Feedback
Related resources
Documentation Software Download Bulletins Tools
Related searches
By Author
Help us to improve
Write an article
Enterprise APP

Copyright © 2020 Huawei Technologies Co., Ltd. All rights reserved.