Modify the configuration of ACL 3001 to:
acl number 3001
rule 5 deny ip destination 172.16.0.0 0.0.0.255
rule 10 permit ip source 192.168.0.0 0.0.255.255
After added a DENY rule in the ACL 3001, mismatch the address whose target network segment is server network segment to policy-based routing, make the internal network PC access server network segment routing by other routing. The priority of the policy-based routing is higher than all other routings.
Due to the customers configured the policy-based routing in the NE20-4, lead to the address of the network segment whose original address is 192.168.0.0 first matched to policy-based routing, and then the other routings (static routing, default routing) cannot be matched to. It will cause can’t access to the WEB service.
When configure the policy-based routing, pay attention to the matched ACL network segment, the address mismatched policy-based routing must be denied in the ACL.