UTT 2512和2620建立L2TP VPN后不能ping通对方内网IP分析
文档编号:1256
浏览:9343 评分:12
最后更新于:2012-09-07
——此文档截图基于UTT 2512的V12版本
故障描述:
用户UTT 2512和Hiper2620之间建立L2TP VPN,VPN已建立,但是发现ping对方的LAN口IP地址,发现Ping不通。
故障现象:
1.在分部的UTT2512的路由器上ping总部路由器的LAN口地址是可以通的
utt% ping 192.168.0.168
PING 192.168.0.168 (192.168.0.168) with 64 bytes (56 data):
Reply 64 bytes (56 data) from 192.168.0.168: seq=0 ttl=127 time=20 ms
Reply 64 bytes (56 data) from 192.168.0.168: seq=1 ttl=127 time=20 ms
Reply 64 bytes (56 data) from 192.168.0.168: seq=2 ttl=127 time=10 ms
Reply 64 bytes (56 data) from 192.168.0.168: seq=3 ttl=127 time=20 ms
Reply 64 bytes (56 data) from 192.168.0.168: seq=4 ttl=127 time=20 ms
2.在总部的Hiper2620路由上ping分部路由器的LAN口地址ping不通
Hiper% ping 192.168.1.168
PING 192.168.1.168 (192.168.1.168) with 64 bytes (56 data):
分析诊断:
1.在分部UTT2512上查看路由表
utt% show ip route table
Route Flags:
* -Hidden, o -OSPF, i -ICMP, l -Local, r -RIP, n -SNMP, c -Connected
s -Static, R -Remote, g -Gateway, h -Host, p -Private, u -Up, t -Temp
M -Multiple, F -Float, a -Append, N -NAT, x -rtNAT, y -NATrt, B -BIND
E -IPSec , ? -Unknown
IpAddr/Mask GwIpAddr IfId Flag Cost Met Use Age
ActiveRoutes:
0.0.0.0/0 182.121.46.220 ptp0 lugaNy 60 1 21864 5088
0.0.0.0/0 - ptpdial0 *luga 120 7 0 5088
10.10.10.15/32 - local Ruhtp 60 0 0 5084
127.0.0.0/8 - bhole0 cup 20 0 0 84055
127.0.0.1/32 - local cuhp 20 0 167734 84055
127.0.0.2/32 - reject0 cuhp 20 0 0 84055
127.0.0.3/32 - bhole0 cuhp 20 0 0 84055
182.121.46.220/32 - local Ruhtp 60 0 27892 5088
192.168.0.0/24 10.10.10.15 ptp14 lug 60 1 7052 5084
192.168.0.1/32 10.10.10.15 ptp14 lugh 60 1 2540 5084
192.168.1.0/24 - ie0 cua 20 0 9017 7239
192.168.1.1/32 - local cuhp 20 0 1618 7942
192.168.1.168/32 - local cuhp 20 0 3745 7239
192.168.15.1/32 - local cuhp 20 0 16053 84053
192.168.17.0/24 - ie1 cua 20 0 2 84055
192.168.17.1/32 - local cuhp 20 0 0 84055
224.0.0.0/4 - mcast cup 20 0 0 84055
224.0.0.1/32 - local cuhp 20 0 0 84055
224.0.0.2/32 - local cuhp 20 0 0 84055
224.0.0.5/32 - bhole0 cuhp 20 0 0 84055
224.0.0.6/32 - bhole0 cuhp 20 0 0 84055
224.0.0.9/32 - local cuhp 20 0 0 84055
224.0.0.18/32 - bhole0 cuhp 20 0 0 84055
239.255.255.250/32 - local cuhp 20 0 63 84055
255.255.255.255/32 - ie0 cuhp 20 0 0 5088
2.在Hiper路由器上查看路由表
hiper% show ip route table
Route Flags:
* -Hidden, o -OSPF, i -ICMP, l -Local, r -RIP, n -SNMP, c -Connected
s -Static, R -Remote, g -Gateway, h -Host, p -Private, u -Up, t -Temp
M -Multiple, F -Float, a -Append, N -NAT, x -rtNAT, y -NATrt, B -BIND
E -IPSec , ? -Unknown
IpAddr/Mask GwIpAddr IfId Flag Cost Met Use Age
ActiveRoutes:
0.0.0.0/0 123.7.183.129 ie1 lugpaNy 60 1 5854 1993
10.10.10.12/32 10.10.10.12 ptp3 Ruht 60 1 206 1990
123.7.183.128/26 - ie1 cuaNy 20 0 1215459 501838
123.7.183.176/32 - local cuhp 20 0 2132489 501838
127.0.0.0/8 - bhole0 cup 20 0 0 501840
127.0.0.1/32 - local cuhp 20 0 0 501840
127.0.0.2/32 - reject0 cuhp 20 0 0 501840
127.0.0.3/32 - bhole0 cuhp 20 0 0 501840
192.168.0.0/24 - ie0 cua 20 0 1886 4143
192.168.0.1/32 - local cuhp 20 0 810 4143
192.168.15.0/24 10.10.10.12 ptp3 lug 60 1 0 1990
192.168.15.1/32 10.10.10.12 ptp3 lugh 60 1 0 1990
192.168.16.1/32 - local cuhp 20 0 249125 501840
192.168.18.0/24 - ie2 cua 20 0 2 501840
192.168.18.1/32 - local cuhp 20 0 0 501840
224.0.0.0/4 - mcast cup 20 0 0 501840
224.0.0.1/32 - local cuhp 20 0 0 501840
224.0.0.2/32 - local cuhp 20 0 0 501840
224.0.0.5/32 - bhole0 cuhp 20 0 0 501840
224.0.0.6/32 - bhole0 cuhp 20 0 0 501840
224.0.0.9/32 - local cuhp 20 0 0 501840
224.0.0.18/32 - bhole0 cuhp 20 0 0 501840
239.255.255.250/32 - local cuhp 20 0 433 501840
255.255.255.255/32 - ie0 cuhp 20 0 1 1993
3.发现问题所在,发现去往对端内网的IP是192.168.15.0这个网段的
192.168.15.0/24 10.10.10.12 ptp3 lug 60 1 0 1990
192.168.15.1/32 10.10.10.12 ptp3 lugh 60 1 0 1990
然后,查看UTT2512的路由器上VPN配置
4.查看HiPER2620路由器上VPN配置
5.检查用户配置的远端内网地址,发现用户配置成192.168.15.1,所以造成ping不通对方内网,在总部的VPN配置将去住远端内网地址修改为192.168.1.168后就可以了。
测试结果:
hiper% ping 192.168.1.168
PING 192.168.1.168 (192.168.1.168) with 64 bytes (56 data):
Reply 64 bytes (56 data) from 192.168.1.168: seq=0 ttl=255 time=20 ms
Reply 64 bytes (56 data) from 192.168.1.168: seq=1 ttl=255 time=10 ms
Reply 64 bytes (56 data) from 192.168.1.168: seq=2 ttl=255 time=10 ms
Reply 64 bytes (56 data) from 192.168.1.168: seq=3 ttl=255 time=20 ms
utt% ping 192.168.0.168
PING 192.168.0.168 (192.168.0.168) with 64 bytes (56 data):
Reply 64 bytes (56 data) from 192.168.0.168: seq=0 ttl=127 time=20 ms
Reply 64 bytes (56 data) from 192.168.0.168: seq=1 ttl=127 time=20 ms
Reply 64 bytes (56 data) from 192.168.0.168: seq=2 ttl=127 time=20 ms
Reply 64 bytes (56 data) from 192.168.0.168: seq=3 ttl=127 time=20 ms
2024 ©上海艾泰科技有限公司 版权所有 沪ICP备05037453号-1
沪公网安备 31011702003579号