
[AF] After the third-party connection tunnel is established, mutual access is unavailable

Problem Description

An AF and an Aitai Layer 3 device are connected to each other in third-party mode. The tunnel has been established successfully, but the intranets on the two sides cannot access each other.

Effective troubleshooting steps

  1. Capture packets on the local device and check that both the LAN port and the VPN port have forwarded the packets.
  2. Capturing packets by length on the external network port shows that the packets have been encapsulated and sent out, but the peer end reports that it has not received the corresponding packets.

Root cause

Checking the peer device shows that its external network port is a dial-up line and that the IP address it obtains is a reserved address in the 100 network segment, so it does not receive the packets sent by the local end.
The tunnel can still come up because, although the peer is in a dial-up environment, it actively initiates the request to the AF to establish the tunnel and the relevant parameters are consistent, so the tunnel is established successfully.
The reserved IP addresses are as follows:
Networks that use reserved addresses can only communicate internally and cannot be interconnected with other networks. Because the reserved addresses in one network may also be used by other networks, interconnecting them causes routing problems, since the addresses are not unique.
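The check below is an added example, not part of the original case or of Sangfor's tooling: it flags planned tunnels in which one end holds a reserved WAN address, the condition that caused this fault. It assumes the "100 network segment" is the RFC 6598 shared range 100.64.0.0/10; the tunnel names and addresses are constructed sample data, and `reserved_range` and `check_tunnel` are hypothetical helper names.

```python
import ipaddress

# IPv4 ranges that are not routable on the public Internet.
# Assumption: the page's "100 network segment" is 100.64.0.0/10 (RFC 6598).
RESERVED_RANGES = {
    "10.0.0.0/8": "RFC 1918 private",
    "172.16.0.0/12": "RFC 1918 private",
    "192.168.0.0/16": "RFC 1918 private",
    "100.64.0.0/10": "RFC 6598 shared address space (carrier-grade NAT)",
    "169.254.0.0/16": "link-local",
    "127.0.0.0/8": "loopback",
}


def reserved_range(addr):
    """Return (cidr, label) for the reserved range containing addr, else None."""
    ip = ipaddress.ip_address(addr)
    for cidr, label in RESERVED_RANGES.items():
        if ip in ipaddress.ip_network(cidr):
            return cidr, label
    return None


def check_tunnel(local_wan, peer_wan):
    """Classify a site-to-site tunnel by the WAN address on each end."""
    local_hit, peer_hit = reserved_range(local_wan), reserved_range(peer_wan)
    if local_hit and peer_hit:
        return "both-reserved"
    if peer_hit:
        # The case on this page: the peer can initiate and negotiate, but
        # packets addressed to its reserved address are not routable to it.
        return "peer-reserved"
    if local_hit:
        return "local-reserved"
    return "ok"


# Constructed sample data; 203.0.113.x and 198.51.100.x stand in for
# operator-assigned public addresses.
TUNNELS = [
    ("hq-to-branch1", "203.0.113.10", "198.51.100.20"),
    ("hq-to-branch2", "203.0.113.10", "100.72.15.9"),
    ("hq-to-branch3", "203.0.113.10", "192.168.1.2"),
]

if __name__ == "__main__":
    for name, local_wan, peer_wan in TUNNELS:
        print(f"{name}: {check_tunnel(local_wan, peer_wan)} "
              f"(peer range: {reserved_range(peer_wan)})")
```

Any result other than `ok` means the WAN address on at least one end should be confirmed with the operator before the tunnel is relied on.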

Solution

After the operator was contacted and changed the assigned address to a public network IP, tunnel communication returned to normal.

Original Link

https://support.sangfor.com.cn/cases/list?product_id=13&type=1&category_id=1302&isOpen=true