MSR810 cannot go online Cloudnet normally
- 0 Followed
- 0Collected ,1019Browsed
Network Topology
The router can access the Internet through dial-up, and the next hop in the routing table is the VPN Server.
Problem Description
MSR810 cannot go online Cloudnet normally
Process Analysis
1. The device can resolve the oasiscloud domain name normally
<H3C>ping oasiscloud.h3c.com Ping oasiscloud.h3c. com (52.163.242.100): 56 data bytes, press CTRL C to break Request time out Request time out Request time out Request time out Request time out
<H3C>dis cloud-management state
Cloud management state: Unconnected
Device state: Request
Cloud server address: 52.163.242.100
Server domain name: oasiscloud.h3c.com
Cloud connection mode: Https
Cloud server authentication port: 19443
Process state: Message received
3. Tried to ping 8.8.8.8 and found that direct ping can not ping through, can only ping through 8.8.8.8 with source loop0 address.
4. Tried to trace the packet path and find that the packet is discarded on one device during direct ping. After investigation, it is because the customer has set restrictions on the VPN server. Only the address with the source address of loopback can be passed through, and the address used for direct ping is the Eth interface address.
Direct Ping:
Loopback0 address as the source to Ping:
5. Since the VPN server configuration cannot be changed, only the messages interacting with Cloudnet can be dialed out of the external network from the Eth interface, and a higher priority route is configured, with 52.187.3.51 as the connection address of the Cloudnet network device.
ip route-static 52.187.3.51 32 Eth-channel1/0:0 preference 1
6. Configure routing and the device comes online to Cloudnet normally
Solution
Configure a higher-priority route so that messages to 52.187.3.51 exit the Eth port.
ip route-static 52.187.3.51 32 Eth-channel1/0:0 preference 1