So I have a customer who has several remote sites set up in an IP-VPN (MPLS) that try to get their internet through the Head Office.
All the devices in the head office can get to the internet and all the remote sites can reach the head office, but all the remote sites' traffic stops at the Head Office and never goes to the internet.
The head office does BGP peering with the Service Provider, the remote sites learn the routes back from the service provider with RIPv2, and all of them have static routes pointing to the Service Provider next hop.
The head office has a static route that points to the Firewall/Internet, but the remote sites' traffic doesn't seem to be picked up by that default route when it reaches the head office.
One thing I found peculiar is that the L3 Head Office switch has the Firewall/Internet as an OSPF neighbor, but they seem to be on two different networks:
L3-CORE-SW#sh ip ospf ne
Neighbor ID      Pri   State      Dead Time   Address          Interface
10.255.255.126   1     FULL/DR    00:00:39    10.255.255.126   Vlan255
interface Vlan255
description *** Routed uplink to Firewall/Internet***
ip address 10.255.255.121 255.255.255.248
ip ospf authentication message-digest
ip ospf message-digest-key 1 md5 2b14d20c
ip ospf network broadcast
ip ospf cost 10
end
They are on a /29 network: VLAN 255 is in the range 10.255.255.16/29 while the Firewall is in the 10.255.255.24/29 range, but OSPF is UP.
The remote sites, however, can't ping the Firewall, but they can ping the L3 switch, which has a direct connection to the Firewall and a static route pointing to the Firewall.
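A quick way to sanity-check the subnet arithmetic behind that observation is to compute it from the device output rather than by hand. The script below is an added example, not part of the original post: it parses the interface configuration and the `show ip ospf neighbor` row shown above (copied here as constructed input; the MD5 key line is omitted), works out the connected network of Vlan255 from the address and mask, and reports whether the neighbor's address falls inside it. The function names are my own.

```python
import ipaddress
import re

# Vlan255 configuration as shown in the post (constructed copy, key line omitted).
VLAN255_CONFIG = """interface Vlan255
 description *** Routed uplink to Firewall/Internet***
 ip address 10.255.255.121 255.255.255.248
 ip ospf authentication message-digest
 ip ospf network broadcast
 ip ospf cost 10
"""

# The neighbor row from 'show ip ospf neighbor' (constructed copy of the post's output).
OSPF_NEIGHBOR_LINE = "10.255.255.126   1   FULL/DR   00:00:39   10.255.255.126   Vlan255"


def interface_network(config: str) -> ipaddress.IPv4Interface:
    """Return the address+mask configured by the 'ip address' line of an interface stanza."""
    m = re.search(r"^\s*ip address (\S+) (\S+)", config, re.MULTILINE)
    if not m:
        raise ValueError("no 'ip address' line found in interface config")
    # IPv4Interface accepts the dotted-mask form 'a.b.c.d/w.x.y.z'.
    return ipaddress.IPv4Interface(f"{m.group(1)}/{m.group(2)}")


def parse_ospf_neighbor(line: str) -> dict:
    """Parse one data row of 'show ip ospf neighbor' into its six columns."""
    fields = line.split()
    if len(fields) != 6:
        raise ValueError(f"unexpected neighbor row: {line!r}")
    nbr_id, pri, state, dead, addr, intf = fields
    return {
        "neighbor_id": nbr_id,
        "priority": int(pri),
        "state": state,
        "dead_time": dead,
        "address": addr,
        "interface": intf,
    }


def addr_on_interface(config: str, addr: str) -> bool:
    """True if addr lies inside the connected subnet of the interface in config."""
    iface = interface_network(config)
    return ipaddress.IPv4Address(addr) in iface.network


def which_slash29(addr: str) -> str:
    """Return the /29 block containing addr, e.g. '10.255.255.120/29'."""
    return str(ipaddress.ip_interface(f"{addr}/29").network)


def connected_network(config: str) -> str:
    """Return the connected network of the interface as 'network/prefixlen'."""
    return str(interface_network(config).network)


if __name__ == "__main__":
    nbr = parse_ospf_neighbor(OSPF_NEIGHBOR_LINE)
    print("Vlan255 connected network :", connected_network(VLAN255_CONFIG))
    print("Neighbor address          :", nbr["address"], "in", which_slash29(nbr["address"]))
    print("Neighbor on Vlan255 subnet:", addr_on_interface(VLAN255_CONFIG, nbr["address"]))
```

On a broadcast network type OSPF carries the subnet mask in its Hello packets and will not form an adjacency with a neighbor whose mask does not match, so a neighbor in FULL state on the same interface is itself good evidence that the two addresses share a subnet; running the script against the output confirms what the mask arithmetic says about which /29 each address belongs to. The Neighbor ID matching the neighbor's interface address just means the firewall's OSPF router ID was derived from (or set to) that address.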
Ref Image: