All Products
Search

This Product

    :Common scenarios and solutions for failures to connect to Bastionhost on the client

    Document Center

    :Common scenarios and solutions for failures to connect to Bastionhost on the client

    Last Updated:Dec 28, 2020

    Overview

    After the configuration is complete, you may fail to connect the Bastionhost to the Bastionhost. This topic describes the common scenarios where you cannot connect to Bastionhost and the corresponding solutions.

    Detail

    The common scenarios and solutions for failed Bastionhost connection are as follows. Use the following steps based on your needs.

    Problem description

    Solution

    You cannot log on to the Bastionhost by using a public IP address.

    Check the internet access control option in the Bastionhost configuration. Make sure that the Internet access mode is enabled or the IP address you want to use for logon is added to the Internet whitelist.

    Note: financial cloud users in the China (Hangzhou) region cannot log on to the Bastionhost system by using public IP addresses.
    You cannot log on to the Bastionhost by using an internal IP address.

    In this case, check whether your client can connect to the Bastionhost over the internal network. If the two ECS instances can be connected, you need to log on to the Virtual Private Cloud system from other ECS instances that are in the same Bastionhost environment. If the login is successful, check the VPN server.

    Note: if the network type of the Bastionhost is classic network, check for any restrictions on intranet access control in the network configuration.

    You cannot connect to the public IP address of the ECS instance by using Bastionhost.

    		 Try to access the public IP of the ECS instance without using the Bastionhost system.
    • If you cannot log on to the ECS console, check the status of the ECS instance.
    • If you can log on to the console, check whether the security group of the ECS instance contains Bastionhost rules that have been automatically added. If no security group rule is available, you must re-add the Bastionhost group to the instance.
      Note: by default, some financial cloud accounts forbid you to use a public IP address to log on to the ECS instance. You must use an internal IP address to log on to the ECS instance.

    The internal IP address of the ECS instance that cannot be connected through Bastionhost.

    		 Check whether the Bastionhost instance and the target ECS instance are in the same Virtual Private Cloud or classic network.
    • If the target ECS instance is not in the same Bastionhost as the network environment, the instance cannot be accessed through the internal network. You must log on to the ECS instance through a public IP address.
    • If the ECS instance is in the same Bastionhost as the network environment, check the security group to which the ECS instance belongs, and make sure that the Bastionhost has the permission to access relevant O&M ports.

    Application scope

    • Bastionhost