External network: connects through an optical fiber transceiver, which converts to twisted pair, to the peer vendor’s anti-poison wall.
Peer vendor’s anti-poison wall: uses transport mode; its uplink connects to the Netcom optical fiber transceiver and its downlink connects to the peer vendor’s switch.
USG3040 firewall: A and B form a two-node cluster in hot backup; twisted pair connects them to the peer vendor’s switch; A and B connect to each other through optical fiber, which connects to the core switch S9306.
S9306: two optical ports on the switch connect to USG firewalls A and B; twisted pair connects to the server; two ports on the switch are aggregated and connect through fiber to the S2300 switch.
S2300: the switch connects to the core switch through optical fiber.
nat server global 184.108.40.206 inside 192.168.1.106
nat server global 220.127.116.11 inside 192.168.1.105
Public network virtual-ip: 18.104.22.168. The configuration implements point-to-point mapping from the internal network to the external network, but access to the server is abnormal, and the server can even be inaccessible for a long time.
1. Check the VRRP, HRP, and VGMP configuration;
2. Modify the configuration:
nat server global 22.214.171.124 inside 192.168.1.106 vrrp 4
nat server global 126.96.36.199 inside 192.168.1.105 vrrp 4
In a two-node hot backup cluster, when the NAT address pool address or the NAT Server’s public network IP address is in the same network segment as the VRRP group's virtual IP address, and an upstream or downstream device sends an ARP request for the NAT address pool or NAT Server public network IP address, both USG3040 firewalls respond to the ARP request. This creates a conflict and affects normal service operation.
When configuring nat server in a two-node hot backup deployment, if the NAT address pool address or the NAT Server public network IP address is in the same network segment as the VRRP group's virtual IP address, the VRRP VRID must be added; otherwise it does not need to be added.
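The rule above can be checked mechanically before a change goes live. The following is an added example, not part of the original case or of any vendor tool: it scans `nat server` lines in the form shown in this case and reports any whose public address shares a segment with a VRRP virtual IP but lacks the `vrrp` binding. The function name, the sample addresses (documentation ranges) and the /24 prefix are assumptions, since the case does not state the mask.

```python
import ipaddress
import re

# Matches the "nat server" form used in this case; the vrrp suffix is optional.
NAT_RE = re.compile(
    r"^\s*nat server global (\S+) inside (\S+)(?: vrrp (\d+))?\s*$"
)

def check_nat_vrrp(config_text, vrrp_groups):
    """Return a list of (global_ip, finding) for each nat server line.

    vrrp_groups maps VRID -> virtual IP with prefix length, supplied by the
    caller (hypothetical input format, e.g. {4: "203.0.113.1/24"}).
    """
    segments = {vrid: ipaddress.ip_interface(vip).network
                for vrid, vip in vrrp_groups.items()}
    findings = []
    for line in config_text.splitlines():
        m = NAT_RE.match(line)
        if not m:
            continue  # not a nat server line
        global_ip = ipaddress.ip_address(m.group(1))
        bound = int(m.group(3)) if m.group(3) else None
        # VRIDs whose virtual IP is in the same segment as the public address
        needed = [v for v, net in segments.items() if global_ip in net]
        if needed and bound is None:
            # Both cluster members would answer ARP for this address.
            findings.append((str(global_ip), f"missing vrrp {needed[0]}"))
        elif needed and bound not in needed:
            findings.append(
                (str(global_ip), f"bound to vrrp {bound}, expected {needed[0]}"))
        else:
            # Different segment (no binding required) or correctly bound.
            findings.append((str(global_ip), "ok"))
    return findings

# Constructed sample configuration; addresses are from documentation ranges.
SAMPLE = """\
nat server global 203.0.113.10 inside 192.168.1.106
nat server global 203.0.113.11 inside 192.168.1.105 vrrp 4
nat server global 198.51.100.20 inside 192.168.1.107
"""
VRRP = {4: "203.0.113.1/24"}  # assumed virtual IP and mask for VRID 4

if __name__ == "__main__":
    for ip, finding in check_nat_vrrp(SAMPLE, VRRP):
        print(ip, finding)
```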