Policy-based routing prevents PCs from accessing the web server by its private network address

Publication Date: 2012-11-09

Issue Description

The customer's PCs on the internal network use a private network address to access the web server, and the web page cannot be opened.

Alarm Information


Handling Process

NE20-4 policy-based routing configuration is as follows:
acl number 3001
rule 10 permit ip source
traffic classifier neiwang
if-match acl 3001
traffic behavior neiwang
remark ip-nexthop GigabitEthernet1/0/1
traffic policy neiwang1
classifier neiwang behavior neiwang

interface GigabitEthernet1/0/0
description link-down IPS
ip address
traffic-policy neiwang1 inbound

Modify the configuration of ACL 3001 to:
acl number 3001
rule 5 deny ip destination
rule 10 permit ip source

After the deny rule is added to ACL 3001, traffic whose destination is the server network segment no longer matches the policy-based route, so internal network PCs reach the server network segment through the other routes. Policy-based routing has a higher priority than all other routes.

Root Cause

Because the customer configured policy-based routing on the NE20-4, traffic whose source address is in that network segment is matched by the policy-based route first, so the other routes (static route, default route) are never matched. As a result, the web service cannot be accessed.


When configuring policy-based routing, pay attention to the network segments matched by the ACL: addresses that should not match the policy-based route must be denied in the ACL.
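The following added example (not part of the original case and not Huawei code) models the behaviour this page describes: the ACL is evaluated first-match in rule-ID order, a permit sends the packet to the policy next hop, and a deny or no match falls through to the routing table. The page elides the real addresses, so all subnets, hosts and route labels below are constructed, and the function names are hypothetical.

```python
import ipaddress

def acl_action(rules, src, dst):
    """First matching rule wins, evaluated in ascending rule-ID order."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for _id, action, src_net, dst_net in sorted(rules, key=lambda r: r[0]):
        if s in ipaddress.ip_network(src_net) and d in ipaddress.ip_network(dst_net):
            return action
    return None  # no rule matched: the policy does not apply

def forward(rules, pbr_next_hop, routes, src, dst):
    """Policy-based routing is consulted before the routing table."""
    if acl_action(rules, src, dst) == "permit":
        return ("pbr", pbr_next_hop)
    d = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p), nh) for p, nh in routes
            if d in ipaddress.ip_network(p)]
    if not hits:
        return ("drop", None)
    return ("route", max(hits, key=lambda h: h[0].prefixlen)[1])  # longest prefix

def overridden_prefixes(rules, routes, src):
    """Non-default routes that the policy overrides for this source host."""
    found = []
    for prefix, _nh in routes:
        net = ipaddress.ip_network(prefix)
        if net.prefixlen and acl_action(rules, src, str(net.network_address + 1)) == "permit":
            found.append(prefix)
    return found

# Constructed values: the page elides the real addresses.
ANY, PC_NET, SERVER_NET = "0.0.0.0/0", "192.168.10.0/24", "192.168.20.0/24"
PC, WEB, OUTSIDE = "192.168.10.25", "192.168.20.80", "203.0.113.9"
PBR_HOP = "GigabitEthernet1/0/1"  # interface named in the page's traffic behavior
ROUTES = [(SERVER_NET, "static route to server segment"), (ANY, "default route")]
ACL_BEFORE = [(10, "permit", PC_NET, ANY)]                                # original ACL 3001
ACL_AFTER = [(10, "permit", PC_NET, ANY), (5, "deny", ANY, SERVER_NET)]   # with rule 5 added

if __name__ == "__main__":
    for name, acl in (("before", ACL_BEFORE), ("after", ACL_AFTER)):
        print(name, "PC -> web server:", forward(acl, PBR_HOP, ROUTES, PC, WEB))
        print(name, "PC -> outside:   ", forward(acl, PBR_HOP, ROUTES, PC, OUTSIDE))
        print(name, "overridden routes:", overridden_prefixes(acl, ROUTES, PC))
```

Running `overridden_prefixes` against a planned ACL before applying the traffic policy lists every specific route the policy would bypass, which is the check the final recommendation above calls for.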