Updated on 2023-06-16 GMT+08:00

Ping Tests Between Cloud and On-premises Networks Fail

Symptom

  • Servers in an on-premises data center cannot ping ECSs in a Huawei Cloud VPC.
  • ECSs in a Huawei Cloud VPC cannot ping the servers in an on-premises data center.

Possible Causes

  • The security group configuration on the Huawei Cloud management console is incorrect.
  • The ACL configuration on the customer gateway device is incorrect.
  • The route configuration on the customer gateway device is incorrect.

Procedure

  • Check the security group configuration on the Huawei Cloud management console.
    • Verify that the default security group on the Huawei Cloud management console permits data flows destined for the customer subnet.
      To check the default security group on the Huawei Cloud management console, perform the following steps:
      1. Choose Virtual Private Network > Enterprise – VPN Gateways, and click the name of the VPC associated with the VPN gateway.
      2. On the Virtual Private Cloud page, click the number in the Route Tables column.
      3. On the Route Tables page, click the name of the route table.
      4. Locate and click the next hop of the active or standby EIP of the VPN gateway.
      5. On the Associated Security Groups tab page, check whether the security group permits traffic on the required ports.
    • Verify that the default security group on the Huawei Cloud management console permits data flows originating from the customer subnet.
    • Verify that the default security group on the Huawei Cloud management console permits data flows destined for the local subnet.
    • Verify that the default security group on the Huawei Cloud management console permits data flows originating from the local subnet.
    • Verify that a security group permits data flows from the ECSs on Huawei Cloud to the customer subnet.

      To check whether such a security group has been configured, choose Compute > Elastic Cloud Server and click More > Manage Network > Security Group Rule Configuration in the Operation column.

    • Verify that a security group permits data flows from the customer subnet to the ECSs on Huawei Cloud.
  • Check the ACL configuration on the customer gateway device.
    • Verify that an ACL rule on the customer gateway device permits data flows destined for the local subnet of the Huawei Cloud VPN gateway.
    • Verify that an ACL rule on the customer gateway device permits data flows originating from the local subnet of the Huawei Cloud VPN gateway.

    To check the local subnet of the Huawei Cloud VPN gateway, choose Virtual Private Network > Enterprise – VPN Gateways, click the VPN gateway name, and view the value of Local Subnet in the Basic Information area.

  • Check the route configuration on the customer gateway device.
    • Verify that the public network route is correctly configured. That is, the destination address is an EIP of the Huawei Cloud VPN gateway, and the next hop is the egress interface address of the customer gateway device.
    • Verify that the private network route is correctly configured. That is, the destination address is the local subnet of the Huawei Cloud VPN gateway, and the next hop is the egress interface address of the customer gateway device.

      To check the local subnet of the Huawei Cloud VPN gateway, choose Virtual Private Network > Enterprise – VPN Gateways, click the VPN gateway name, and view the value of Local Subnet in the Basic Information area.
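
The security group checks in the procedure above (flows destined for and originating from the customer subnet and the local subnet) can be run offline against an exported rule list. The following is an added example, not Huawei Cloud code: the `Rule` model, the function names, and the subnets are assumptions made for illustration, and a subnet counts as covered only when a single rule contains it entirely.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    # Simplified, hypothetical rule model (not a Huawei Cloud API object).
    direction: str  # "ingress" or "egress", as seen from the ECS
    protocol: str   # "icmp", "tcp", "udp" or "all"
    remote: str     # remote CIDR the rule permits

def permits(rules, direction, protocol, subnet):
    """True if a single rule permits `protocol` in `direction` for all of `subnet`."""
    target = ipaddress.ip_network(subnet)
    for rule in rules:
        if rule.direction != direction or rule.protocol not in (protocol, "all"):
            continue
        remote = ipaddress.ip_network(rule.remote)
        # subnet_of() raises TypeError on mixed IPv4/IPv6, so compare versions first.
        if remote.version == target.version and target.subnet_of(remote):
            return True
    return False

def ping_gaps(rules, subnets):
    """List the direction/subnet pairs from the procedure that no rule covers for ICMP."""
    gaps = []
    for name, cidr in subnets.items():
        for direction, word in (("egress", "to"), ("ingress", "from")):
            if not permits(rules, direction, "icmp", cidr):
                gaps.append(f"{direction} {word} {name} subnet {cidr}")
    return gaps

# Constructed sample values, for illustration only.
SUBNETS = {"customer": "172.16.0.0/16", "local": "192.168.0.0/24"}
SAMPLE_RULES = [
    Rule("egress", "all", "0.0.0.0/0"),
    Rule("ingress", "icmp", "172.16.0.0/24"),  # narrower than the customer subnet
    Rule("ingress", "all", "192.168.0.0/24"),
]

if __name__ == "__main__":
    for gap in ping_gaps(SAMPLE_RULES, SUBNETS):
        print("missing:", gap)
```

With the sample rules, the only gap reported is inbound ICMP from the customer subnet, because the permitting rule covers a /24 while the customer subnet is a /16.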