There are Telecom, CMCC, Unicom three Internet exports of an office site, and make professional NAT Server to each Internet export, namely an intranet Server only make NAT Server in CMCC export. Customer feedback that cannot through the Telecom line to access the NAT Server of CMCC line.
Make PBR to private network address of the CMCC NAT server intranet server, forced CMCC intranet server to go CMCC interface when return the package, can solve the problem of come-and-go path does not agree,
Configuration is as follows: the public network interface address of a CMCC NAT Server is 100.100.100. 80, corresponding to the intranet server address is 192.168.1.80, intranet server belongs to the DMZ area. In the DMZ domain make PBR, forced the device which source address is 192.168.1.80 the next hop address as 100.100.100. 80.
Check the routing, the equipment has been configured with Telecom, CMCC, Unicom detailed routing. After analysis find that the NAT Server come-and-go path from telecom user access to CMCC line is not consistent: when come, it goes CMCC interface, when return to the package go telecom interface, resulting in telecom users fail to access CMCC NAT Server.