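Part of the on-site ACG configuration is as follows:
The on-site ACG acts as the SSL VPN gateway. Some addresses are unreachable, while from the internal switch every internal address can be reached. A packet capture shows that our ACG has already received the packets from the dial-in client, but no reply packets from the internal host are seen.
Debug information collected afterwards showed that traffic entering on the public network interface was sent back out of the public network interface.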
<2020-11-22 22:33:43> core 29 recv prot 1 packet 10.1.1.3 -> 10.79.132.1, length 84
<2020-11-22 22:33:43> match rcache, send to interface agg24
<2020-11-22 22:33:46> core 21 recv prot 1 packet 10.1.1.3 -> 10.79.132.1, length 60
<2020-11-22 22:33:46> Lookup route for ip packet, 10.1.1.3 -> 10.79.132.1 len 60 from interface sslvpn0
<2020-11-22 22:33:46> lookup policy
<2020-11-22 22:33:46> no policy match, default action permit
<2020-11-22 22:33:46> waf_hook: Waf hook process enter.
<2020-11-22 22:33:46> waf_hook: Waf hook process return accept.
<2020-11-22 22:33:46> match snat rule 2
<2020-11-22 22:33:46> core 21 recv prot 1 packet 119.39.44.29 -> 10.79.132.1, length 60
<2020-11-22 22:33:46> match rcache, send to interface xge27
<2020-11-22 22:33:51> core 5 recv prot 1 packet 10.1.1.3 -> 10.79.132.1, length 60
<2020-11-22 22:33:51> core 5 recv prot 1 packet 119.39.44.29 -> 10.79.132.1, length 60
<2020-11-22 22:33:51> match rcache, send to interface xge27
<2020-11-22 22:33:56> core 32 recv prot 1 packet 10.1.1.3 -> 10.79.132.1, length 60
<2020-11-22 22:33:56> Lookup route for ip packet, 10.1.1.3 -> 10.79.132.1 len 60 from interface sslvpn0
<2020-11-22 22:33:56> lookup policy
<2020-11-22 22:33:56> no policy match, default action permit
<2020-11-22 22:33:56> waf_hook: Waf hook process enter.
<2020-11-22 22:33:56> waf_hook: Waf hook process return accept.
<2020-11-22 22:33:56> match snat rule 2
<2020-11-22 22:33:56> core 32 recv prot 1 packet 119.39.44.29 -> 10.79.132.1, length 60
<2020-11-22 22:33:56> match rcache, send to interface xge27
<2020-11-22 22:34:01> core 11 recv prot 1 packet 10.1.1.3 -> 10.79.132.1, length 60
<2020-11-22 22:34:01> core 11 recv prot 1 packet 119.39.44.29 -> 10.79.132.1, length 60
<2020-11-22 22:34:01> match rcache, send to interface xge27
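Load balancing was configured on site. After entering the ACG, the traffic matched the load-balancing policy and was then sent out of the interface by that policy (similar to a firewall). The problem was resolved after the load-balancing policy was modified on site.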
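The debug trace above can be checked mechanically. The following is an added example, not part of the original case or of any vendor tooling: it groups the debug lines into per-packet traces and flags packets whose private source was rewritten to a public address while the destination is still a private address. The function names are hypothetical, the sample lines are copied from the trace above, and treating such a rewrite as a sign of internal-bound traffic being steered onto the Internet-facing path is an assumption.

```python
import ipaddress
import re

# Sample input: lines copied from the debug trace shown in this case.
SAMPLE = """\
<2020-11-22 22:33:43> core 29 recv prot 1 packet 10.1.1.3 -> 10.79.132.1, length 84
<2020-11-22 22:33:43> match rcache, send to interface agg24
<2020-11-22 22:33:46> core 21 recv prot 1 packet 10.1.1.3 -> 10.79.132.1, length 60
<2020-11-22 22:33:46> Lookup route for ip packet, 10.1.1.3 -> 10.79.132.1 len 60 from interface sslvpn0
<2020-11-22 22:33:46> match snat rule 2
<2020-11-22 22:33:46> core 21 recv prot 1 packet 119.39.44.29 -> 10.79.132.1, length 60
<2020-11-22 22:33:46> match rcache, send to interface xge27
<2020-11-22 22:33:51> core 5 recv prot 1 packet 10.1.1.3 -> 10.79.132.1, length 60
<2020-11-22 22:33:51> core 5 recv prot 1 packet 119.39.44.29 -> 10.79.132.1, length 60
<2020-11-22 22:33:51> match rcache, send to interface xge27
"""

RECV = re.compile(r"recv prot \d+ packet (\S+) -> (\S+),")
INGRESS = re.compile(r"from interface (\S+)")
SNAT = re.compile(r"match snat rule (\d+)")
SEND = re.compile(r"send to interface (\S+)")

def parse_traces(text):
    """Group lines into traces: first 'recv' opens one, 'send to interface' closes it."""
    traces, cur = [], None
    for line in text.splitlines():
        if m := RECV.search(line):
            if cur is None:
                cur = {"src": m[1], "dst": m[2], "nat_src": m[1],
                       "ingress": None, "snat_rule": None}
            else:
                cur["nat_src"] = m[1]  # a second 'recv' shows the source after SNAT
        elif cur is None:
            continue
        elif m := INGRESS.search(line):
            cur["ingress"] = m[1]
        elif m := SNAT.search(line):
            cur["snat_rule"] = int(m[1])
        elif m := SEND.search(line):
            cur["egress"] = m[1]
            traces.append(cur)
            cur = None
    return traces

def suspicious(trace):
    """Private source and destination, but the source left as a public address (assumed heuristic)."""
    private = lambda ip: ipaddress.ip_address(ip).is_private
    return private(trace["src"]) and private(trace["dst"]) and not private(trace["nat_src"])

if __name__ == "__main__":
    for t in parse_traces(SAMPLE):
        print("SUSPECT" if suspicious(t) else "ok     ", t)
```

Traces that hit the route cache carry no `match snat rule` line, so the check relies on the translated source in the second `recv` line rather than on the rule number.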