Ruijie Community

Title: An Intranet PC Under a NAT-Enabled Egress Router Fails to Access the Internal Server Through a Domain. How to Rectify the Fault? [Print this page]

Author: admin    Time: 2017-5-4 19:03
Title: An Intranet PC Under a NAT-Enabled Egress Router Fails to Access the Internal Server Through a Domain. How to Rectify the Fault?
An Intranet PC Under a NAT-Enabled Egress Router Fails to Access the Internal Server Through a Domain. How to Rectify the Fault?

Author: admin    Time: 2017-5-4 19:03
1. Test whether the public IP address mapped to the domain name is accessible and whether the domain name is successfully resolved to the public IP address.

2. Check whether the permit-inside function is enabled on the NAT-enabled egress router.

3. Test whether the intranet PC can access the internal server by using an internal IP address to check whether the fault is due to an exception on the intranet orserver.

4. Check whether PBR is applied in the intranet port of the NAT-enabled egress router. If PBR is applied, configure the PBR ACL to reject the traffic generated arising from access to the internal server by the intranet PC.

Example:
R1(config)#ipaccess-list extended 110      //Configure ACL 110 mapped to PBR.
R1(config-ext-nacl)#10 deny ip 172.16.1.0 0.0.0.255 172.16.2.0 0.0.0.255   //Configure the PBR ACL to reject the traffic generated arising from access to the internal server(172.16.2.0/24) from the IP address 172.16.0.0/24 on the intranet.
R1(config-ext-nacl)#20 permit ip 172.16.1.0 0.0.0.255 any   //Match the traffic generated arising from access to the external network from the IP address 172.16.1.0/24.






Welcome to Ruijie Community (https://community.ruijienetworks.com/) Powered by Discuz! X3.2