Sunday, April 19, 2020

BGP changes broke some stuff, but only inside the firewall; help please!!

Started at 9PM last night. Tore down BGP config, which was 2 routers each linked to ISP A and ISP B. Rebuilt minus old spaghetti, and with a third ISP C. Peering worked. Was very happy.

But a couple of devices are down. One is a vendor VPN box. Another is a Cisco Expressway VM. Neither has a public IP, but both have VIPs on a FortiGate firewall. Expressway is acting like it has no internet at all. I can see the ping/DNS attempts on the FortiGate: traffic goes out but doesn't come back. Not being blocked, just not getting return traffic on the firewall.

Which would suggest a routing problem, except the rest of the network is fine. That being said, the routing was coming in asymmetrically, so I shut ISP C. Now we are back to ISP A and B, but I'm only using A right now to keep it simple. Both of the above devices are still not connecting.

I suspect 1) an ISP issue with inbound traffic. This is basically confirmed. But it doesn't explain the VPN box and Expressway. For that I suspect 2) a FortiGate issue, or the IPS on the inside interface of it.
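The symptom described above, sessions that are accepted and forwarded out but never see return bytes, can be separated from policy blocks directly in the firewall's traffic log. The script below is an added example, not part of the original post, and the log lines in it are constructed in FortiGate key=value style (field names such as srcip, action, sentbyte and rcvdbyte are assumed); it counts, per inside source, how many allowed sessions were one-way versus denied, so a host whose every allowed session got nothing back stands out as a return-path problem rather than a firewall block.

```python
import re
from collections import defaultdict

# Constructed sample traffic-log lines (FortiGate-style key=value format, assumed field names).
# 10.1.1.10 and 10.1.1.20 stand in for hosts behind VIPs that "go out but never come back";
# 10.1.2.30 stands in for a healthy host elsewhere on the inside.
SAMPLE_LOG = """\
date=2020-04-19 time=05:40:01 type=traffic subtype=forward srcip=10.1.1.10 srcport=51010 dstip=8.8.8.8 dstport=53 proto=17 action=accept policyid=12 sentbyte=64 rcvdbyte=0 sentpkt=1 rcvdpkt=0
date=2020-04-19 time=05:40:02 type=traffic subtype=forward srcip=10.1.1.10 srcport=0 dstip=1.1.1.1 dstport=0 proto=1 action=accept policyid=12 sentbyte=84 rcvdbyte=0 sentpkt=1 rcvdpkt=0
date=2020-04-19 time=05:40:03 type=traffic subtype=forward srcip=10.1.1.20 srcport=44000 dstip=203.0.113.5 dstport=443 proto=6 action=accept policyid=12 sentbyte=1200 rcvdbyte=0 sentpkt=6 rcvdpkt=0
date=2020-04-19 time=05:40:04 type=traffic subtype=forward srcip=10.1.1.20 srcport=44002 dstip=203.0.113.5 dstport=443 proto=6 action=accept policyid=12 sentbyte=900 rcvdbyte=0 sentpkt=4 rcvdpkt=0
date=2020-04-19 time=05:40:05 type=traffic subtype=forward srcip=10.1.2.30 srcport=50001 dstip=8.8.8.8 dstport=53 proto=17 action=accept policyid=12 sentbyte=64 rcvdbyte=120 sentpkt=1 rcvdpkt=1
date=2020-04-19 time=05:40:06 type=traffic subtype=forward srcip=10.1.2.30 srcport=50002 dstip=203.0.113.9 dstport=443 proto=6 action=close policyid=12 sentbyte=3000 rcvdbyte=9000 sentpkt=20 rcvdpkt=25
date=2020-04-19 time=05:40:07 type=traffic subtype=forward srcip=10.1.1.20 srcport=44001 dstip=198.51.100.7 dstport=22 proto=6 action=deny policyid=0 sentbyte=0 rcvdbyte=0 sentpkt=0 rcvdpkt=0
"""

# key=value pairs; quoted values (e.g. msg="...") are accepted and unquoted.
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_line(line):
    """Turn one key=value log line into a dict of string fields."""
    return {k: v.strip('"') for k, v in KV_RE.findall(line)}


def classify_sessions(log_text):
    """Per source IP: how many sessions were allowed, how many of those were one-way, how many denied.

    A session is 'one_way' when the firewall forwarded bytes out (sentbyte > 0) but recorded
    nothing coming back (rcvdbyte == 0) even though the policy accepted it.
    """
    stats = defaultdict(lambda: {"allowed": 0, "one_way": 0, "denied": 0})
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec.get("type") != "traffic" or "srcip" not in rec:
            continue  # skip event/UTM logs and malformed lines
        src = rec["srcip"]
        if rec.get("action") == "deny":
            stats[src]["denied"] += 1  # blocked by policy: a different problem
            continue
        stats[src]["allowed"] += 1
        if int(rec.get("sentbyte", 0)) > 0 and int(rec.get("rcvdbyte", 0)) == 0:
            stats[src]["one_way"] += 1
    return dict(stats)


def suspect_sources(stats, min_sessions=2):
    """Sources where every allowed session was one-way: the return path, not the policy, is the suspect."""
    return sorted(
        src for src, s in stats.items()
        if s["allowed"] >= min_sessions and s["one_way"] == s["allowed"]
    )


if __name__ == "__main__":
    summary = classify_sessions(SAMPLE_LOG)
    for src, s in sorted(summary.items()):
        print(f"{src:12} allowed={s['allowed']} one_way={s['one_way']} denied={s['denied']}")
    print("return-path suspects:", suspect_sources(summary))
```

Run against a real export, the suspect list is the set of inside addresses to check against the VIP table and the inbound prefix advertisements: if only those hosts are one-way while their neighbours get replies, the outbound policy is doing its job and the missing piece is the path back to the VIP's public address.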

But this is serious enough that I haven't slept yet. It's 6 AM, and the director just told me to call the firewall team at 7 AM, so: don't sleep.

Any help appreciated!
