This topic explains why you cannot ping an Elastic Compute Service (ECS) instance through an SAG-1000 device and provides solutions.

Symptoms

A local terminal cannot connect to Alibaba Cloud. For example, you fail to ping from an SAG device an ECS instance that is associated with the same CEN instance as the SAG device.

Causes

  • The connection between the local terminal and the SAG-1000 device is faulty.
  • The VPN tunnel between the SAG-1000 device and Alibaba Cloud is faulty.
  • The target ECS instance is faulty.
  • The Internet service provider (ISP) network is faulty.

Solutions

  1. Log on to the Smart Access Gateway (SAG) console.
  2. Click the ID of the target SAG instance, check whether the status is Ready.
  3. Log on to the switch console to check the connectivity between the SAG-1000 device and the switch.
    • If static routing is configured in the SAG-1000 device and the switch, ping the IP address of each port of the SAG-1000 device through the switch. If you cannot ping the IP address of a port, see Handle connection failures between an SAG device and a switch to solve port interconnection issues.
    • If you use the SAG device without a switch, check whether the second and third indicators on the right of the SAG-1000 device are yellow or continuously blinking.
      • If the second indicator is yellow or continuously blinking, the SAG device is faulty. Submit a ticket.
      • If the third indicator is yellow or continuously blinking, the VPN tunnel between the SAG device and Alibaba Cloud is unavailable. Submit a ticket.
      • If both the second and third indicators are green, go to step 4.

      For more information about indicators, see View device indicators.

  4. Check the status of the current ECS instance. Ping the ECS instances deployed in other Virtual Private Cloud (VPC) networks or configure Elastic IP addresses for the target ECS instances in the Alibaba Cloud console.
    • If you can ping other ECS instances, the current ECS instance is faulty. Handle the faults of the current ECS instance.
    • If you cannot ping other ECS instances, go to step 5.
  5. Ping other public websites through the current Internet service provider (ISP) network. If you cannot ping other public websites, check whether the ISP network is functioning.