Version information: svn3000V100R002C01B014
Local server --+
               +---- Internet ---- enterprise internal network server ---- enterprise internal network server
Client --------+        |
                        +---- external network server
Fault phenomenon: external network users log in to the SVN3000 virtual gateway through the client and can access internal network resources, but they cannot access the remote user's local internal network or the external network server.
When the network extension function is enabled, the administrator can choose among different routing modes to control which resources users can access.
Network extension has three routing modes: full tunnel mode, separation routing mode, and manual routing mode. The routing table entries generated on the user's PC differ in each mode. In full tunnel mode, packets destined for the local network, the external network, and the remote enterprise network are all forwarded through the virtual network adapter, so the user can access only the remote enterprise network. In separation routing mode, packets destined for the local network are forwarded through the real NIC, so the user can access the local network and the remote enterprise network. In manual routing mode, packets destined for the local network and the external network are forwarded through the real NIC, so the user can access the local network, the external network, and remote enterprise network resources.
When the SVN3000 network extension function is configured in full tunnel mode, a virtual network adapter is created on the remote user's PC. The routing table then contains separate entries for the PC's real network adapter and for the virtual network adapter, as shown below:
Network destination   Netmask          Gateway        Interface      Metric
0.0.0.0               0.0.0.0          172.16.0.14    172.16.0.14    1
172.16.0.0            255.255.255.0    172.16.0.14    172.16.0.14    30
192.168.0.0           255.255.255.0    192.168.0.2    192.168.0.2    10
192.168.0.0           255.255.255.0    172.16.0.14    172.16.0.14    1
As shown above, packets destined for the external network are forwarded through the virtual network adapter (IP address 172.16.0.14). The virtual network adapter is only effective toward the virtual gateway, so in full tunnel mode the external network resources cannot be accessed. There are two routes to the local internal network: the entry that forwards through the real network adapter (IP address 192.168.0.2) has a metric of 10, and the entry that forwards through the virtual network adapter has a metric of 1. The route through the virtual network adapter is therefore chosen, but the virtual IP address is not valid on the local network, so in full tunnel mode the local network cannot be accessed either.
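The route selection described above can be reproduced offline. The following Python sketch is an added example, not part of the original case or of the SVN3000 software: it applies longest-prefix-then-lowest-metric selection to the routing table shown on this page. The sample destination addresses and the WITHOUT_LOCAL_OVERRIDE table are constructed for illustration and are assumptions, not output from the device.

```python
import ipaddress

# Routing table from the page (full tunnel mode):
# (destination, netmask, gateway, interface, metric)
FULL_TUNNEL = [
    ("0.0.0.0",     "0.0.0.0",       "172.16.0.14", "172.16.0.14", 1),
    ("172.16.0.0",  "255.255.255.0", "172.16.0.14", "172.16.0.14", 30),
    ("192.168.0.0", "255.255.255.0", "192.168.0.2", "192.168.0.2", 10),
    ("192.168.0.0", "255.255.255.0", "172.16.0.14", "172.16.0.14", 1),
]
VIRTUAL_NIC = "172.16.0.14"  # virtual adapter address, from the page

def prefix_len(mask):
    """Convert a dotted netmask to a prefix length (count of 1 bits)."""
    return bin(int(ipaddress.IPv4Address(mask))).count("1")

def select_route(dest, table):
    """Return the winning row: longest prefix first, then lowest metric."""
    addr = ipaddress.IPv4Address(dest)
    matches = []
    for row in table:
        net = ipaddress.IPv4Network(f"{row[0]}/{prefix_len(row[1])}")
        if addr in net:
            matches.append((-net.prefixlen, row[4], row))
    if not matches:
        return None
    return min(matches, key=lambda m: m[:2])[2]

def egress(dest, table):
    """Name the adapter that would forward traffic to dest."""
    row = select_route(dest, table)
    if row is None:
        return "no route"
    return "virtual" if row[3] == VIRTUAL_NIC else "real"

# Constructed variant (assumption, not a table from the page): the same
# table without the virtual adapter's route to the local subnet.
WITHOUT_LOCAL_OVERRIDE = [
    r for r in FULL_TUNNEL
    if not (r[0] == "192.168.0.0" and r[3] == VIRTUAL_NIC)
]

if __name__ == "__main__":
    # Constructed sample destinations: a local host and an external host.
    for dest in ("192.168.0.10", "203.0.113.10"):
        print(dest, egress(dest, FULL_TUNNEL),
              egress(dest, WITHOUT_LOCAL_OVERRIDE))
```

Running the same check against a client's actual routing table shows which adapter carries local-subnet and Internet traffic while the tunnel is up.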