No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search


To have a better experience, please upgrade your IE browser.


Web Pages Cannot Be Opened When Two Outbound Interfaces Are Available

Publication Date:  2013-12-31 Views:  605 Downloads:  0

Issue Description

USG5100              ————    pppoe     untrust         Next hop      
                             ————              untrust         Next hop

Two public network interfaces are located in the untrust zone. During the NAT, the private network segment is translated using The policy-based routes on the private network segment are sent from PPPoE links and default routes on other private network segments are sent from the next hop of
The customer cannot open web pages but can ping the corresponding websites.

Alarm Information


Handling Process

Change the TCP-MSS value. The fault persists.
Access and capture packets.

No HTTP Response packet is received.
Check session information.
http  VPN:public --> public
  Zone: trust--> untrust  TTL: 00:10:00  Left: 00:09:58
  Interface: GigabitEthernet0/0/1  NextHop:  MAC: 00-23-ff-21-4d-ae
  <--packets:1 bytes:52   -->packets:6 bytes:252[]-->
The routes are sent through the next hop of
Check whether the PBR is matched. Modify the PBR configuration, and the fault is rectified.

Root Cause

1. The TCP-MSS value on the PPPoE link is incorrect.
2. Other faults that may occur when two outbound interfaces are available.


When two outbound interfaces are available, pay attention to the packet direction.