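On Juniper SSL VPN devices, the internal interface is the boss

On Juniper SA series devices, if the gateway of the internal interface is unreachable, neither the external interface nor the virtual IP addresses will take effect, even though the internal interface's IP address still answers ping. In other words, whether the internal interface's gateway is reachable is the criterion the device uses to decide whether it has started up correctly.

See the KB below for details: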

Virtual IP and / or External port not available
Knowledge Base ID: KB8815
Version: 2.0
Published: 07 Oct 2008
Updated: 07 Oct 2008
Categories: SSL VPN; SSL_VPN_(IVE_OS)

Synopsis:
Virtual IP address and / or External IP address are not pingable or accessible, but the Internal IP address is pingable and can be accessed.

Problem:

The external and / or virtual IP address is not pingable or accessible, while the Internal IP address is pingable and can be accessed.

Solution:

If the IVE is not able to contact the internal gateway, the external and any virtual IP addresses will not activate but the internal IP address will be pingable. The internal gateway is used to measure if the system is up correctly, so without the internal gateway, Virtual IP addresses and the External interface will not be activated.

If the internal gateway is not reachable please check to ensure that that device is up and running, that it’s in the same subnet as the IVE’s internal port IP address, and other normal network connectivity tests (i.e., does it have an ACL that restricts connection from IVE’s internal interface IP or subnet, or other devices able to reach it?, etc…).
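The "same subnet" check from the KB can be done offline before touching the appliance. The following is an added example, not part of the KB or any Juniper tooling; the function name `check_internal_gateway` and all addresses are constructed for illustration. It validates addressing only and says nothing about whether the gateway is up or filtered by an ACL.

```python
import ipaddress


def check_internal_gateway(internal_ip, netmask, gateway):
    """Return a list of addressing problems for the internal port's gateway.

    An empty list means the gateway is a usable host address inside the
    internal port's subnet. Hypothetical helper, not a vendor API.
    """
    iface = ipaddress.ip_interface(f"{internal_ip}/{netmask}")
    gw = ipaddress.ip_address(gateway)
    net = iface.network

    if gw.version != iface.version:
        return [f"gateway {gw} and internal port {iface.ip} use different IP versions"]
    if gw not in net:
        # Typical causes: wrong gateway entered, or a netmask typo that
        # shrinks the subnet so the real gateway falls outside it.
        return [f"gateway {gw} is outside the internal subnet {net}"]

    problems = []
    if gw == iface.ip:
        problems.append(f"gateway {gw} is the internal port's own address")
    # /31 and /32 (or /127, /128) have no reserved network/broadcast address.
    if net.prefixlen < net.max_prefixlen - 1:
        if gw == net.network_address:
            problems.append(f"gateway {gw} is the network address of {net}")
        if gw == net.broadcast_address:
            problems.append(f"gateway {gw} is the broadcast address of {net}")
    return problems


if __name__ == "__main__":
    # Constructed sample configurations: (internal IP, netmask, gateway)
    samples = [
        ("10.10.1.20", "255.255.255.0", "10.10.1.1"),      # consistent
        ("10.10.1.20", "255.255.255.0", "10.10.2.1"),      # wrong subnet
        ("10.10.1.20", "255.255.255.128", "10.10.1.129"),  # netmask typo
        ("10.10.1.20", "255.255.255.0", "10.10.1.255"),    # broadcast address
    ]
    for ip, mask, gw in samples:
        issues = check_internal_gateway(ip, mask, gw)
        print(ip, mask, gw, "->", issues or "addressing OK")
```

If this reports no problems and the external or virtual IP addresses still do not activate, continue with the KB's remaining checks: the gateway device's state and any ACL in front of it.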
