Publication Date: 2019-07-19 | Views: 1502 | Downloads: 0 | Author: SU1001886249 | Document ID: EKB1000423222
Take in consideration below topology. On USG is running V5R1.
G0/0/0 is management interface. It is configured like below. Gateway is AR1.
ip binding vpn-instance YYY
ip address X.X.29.209 255.255.255.252
service-manage http permit
service-manage https permit
service-manage ping permit
service-manage ssh permit
service-manage snmp permit
service-manage telnet permit
service-manage netconf permit
As you know, after we use command gateway X.X.29.210 when parameter no-route is not specified (as in our example) a default route with its protocol as Gateway is generated. The next hop is the gateway address specified on the interface. The route configuration command (ip route-static) is not automatically generated when the device delivers route entries. You cannot use undo ip route-static command to delete the static route.
If we check the configuration, a default route has been generated with next hop gateway.
If we try to ping the USG from AR1 is working but if we try to ping the USG from Internet is not working. Ping from Internet to AR1 is working.
It seems that on V5R1 by default, G0/0/0 is bound to default vpn-instance.
The easy solution in this case is to remove the default configuration "ip binding vpn-instance YYY" under interface G0/0/0. After, the connection from Internet towards USG will work.