作者:mobiledu2502887493 | 来源:互联网 | 2023-06-08 13:20
ISP网关设备的ARP问题造成NetscreenMIP映射不成功引用ISP网关设备的ARP问题造成NetscreenMIP映射不成功如果被用来做MIP映射的外网IP地址最近曾在其它设
ISP网关设备的ARP问题造成Netscreen MIP映射不成功
引用
ISP网关设备的ARP问题造成Netscreen MIP映射不成功
如果被用来做MIP映射的外网IP地址最近曾在其它设备上使用过,刚有可能会出现以下情况:
1、和UNTRUST接口IP一样的MIP地址会映射成功,其它和UNTRUST接口IP不一样的MIP映射都不能访问,在内部网络下都可以成功访问。
解决方法:
1、通知ISP对网关设备重启或清除ARP列表。
2、把untrust接口地址和每个不通的MIP地址对调,访问外网正常后,再对调回来。
3、ping 192.168.11.2 from mip 10.1.1.3
(ISP网关地址或其它外部IP)(不能访问的MIP地址)
Solution ID: nskb698
MIP not working
If the IP address used for the MIP was previously configured on another network device connected to the Internet router, there may be problems with the new MIP address.
1、Clear the arp cache by rebooting the router that is on the untrusted side of the Netscreen
2、If you cannot clear the arp cache or reboot the router:
1、Swap the IP address on the Untrust interface for the MIP address
2、Ping the router on the untrust side to force the arp cache on the router to be updated with the MIP address with the MAC address of the untrust interface
3、Revert the IP configuration back to the original IP addresses
ping example:
ping 10.100.2.11 count 4 from ethernet1
ping 192.168.11.2 from mip 10.1.1.3
ping 10.100.2.11 count 4 size 1000 time-out 3
ping 10.100.2.171 count 3
使用VBS脚本快速执行:
NS.vbs
set sh=WScript.CreateObject("WScript.Shell") WScript.Sleep 1000 sh.SendKeys "telnet 防火墙IP" sh.SendKeys "{ENTER}" WScript.Sleep 1000 sh.SendKeys "user{ENTER}" WScript.Sleep 1000 sh.SendKeys "pwd{ENTER}" WScript.Sleep 800 sh.SendKeys "ping 220.181.6.6 from e3{ENTER}" '从Untrust口Ping百度IP WScript.Sleep 500 sh.SendKeys "set interface e3 ip 219.141.15.21/24{ENTER}" '设置Untrust接口地址为映射不成功的MIP地址 WScript.Sleep 500 sh.SendKeys "save{ENTER}" WScript.Sleep 500 sh.SendKeys "ping 220.181.6.6 from e3{ENTER}" WScript.Sleep 500 sh.SendKeys "set interface e3 ip 219.141.15.20/24{ENTER}" '恢复Untrust接口地址为初始地址 WScript.Sleep 500 sh.SendKeys "save{ENTER}" WScript.Sleep 500 sh.SendKeys "Exit{ENTER}" WScript.Sleep 500 sh.SendKeys "Exit{ENTER}" WScript.Sleep 500 |
NS.bat
@echo off %comspec% /k cscript //Nologo NS.vbs |