Sunday, September 13, 2020

BGP Question (Palo Alto + Cisco) / VPN Clients

Apologies for however "novice" this question may (or may not) be. I've stuck with static routing for *WAY* longer than I reasonably should have and am now busy giving myself a crash course in BGP.

I'm trying to peer a Cisco Nexus Switch (pair) with my Palo Alto firewalls via BGP so I can remove (a LOT of) defined static routes. When I'm VPN'd in to the PA, I can ping through to a network directly connected to my Cisco Nexus switches (Ex: 10.250.0.10). When I look at the routing table on the PA, I see this (Ex):

admin@Firewall(active)> show routing protocol bgp loc-rib | match 10.250.0.0
10.250.0.0/24 10.0.0.32 10.0.0.2 0 100 igp 0 0 65105,65104,65104,65104,65104,65104

*10.250.0.0/24 10.0.0.1 Local 0 100 i/c 0 0

When I remove the static route from the PA, my VPN client can no longer ping through to 10.250.0.10; however, the PA can *and* it still has an entry in the routing table (Ex):

admin@Firewall(active)> show routing protocol bgp loc-rib | match 10.250.0.0
*10.250.0.0/24 10.0.0.32 10.0.0.2 0 100 igp 0 0 65105,65104,65104,65104,65104,65104

...am I having a ROUTING problem, or am I having some VPN client configuration problem? The network in question *is* defined in the GlobalProtect Access Routes, so I'm unclear as to why it drops when I take away the static route (since the firewall still sees the BGP one).

Any assistance / guidance would be appreciated. Thank you!
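Added example, not part of the original post: a small Python script that parses the two `show routing protocol bgp loc-rib` snapshots quoted above and reports what changed for 10.250.0.0/24 once the static route was withdrawn. The column layout it assumes (Prefix, Nexthop, Peer, Weight, LocPrf, Org., MED, flap, AS-Path, with a leading `*` on the best path) is taken from the shape of the posted lines, and the column header embedded in the sample is an assumption (the `| match` filter would have dropped it from real output). The sample text is constructed from the post; the function names are the example's own.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: the two loc-rib states quoted in the question, copied into
# text blobs so the parser runs offline. The header row is an assumption about
# the PAN-OS column layout; '| match' would have filtered it out of real output.
LOC_RIB_WITH_STATIC = """\
Prefix           Nexthop     Peer       Weight LocPrf Org.  MED  flap AS-Path
10.250.0.0/24    10.0.0.32   10.0.0.2   0      100    igp   0    0    65105,65104,65104,65104,65104,65104
*10.250.0.0/24   10.0.0.1    Local      0      100    i/c   0    0
"""

LOC_RIB_WITHOUT_STATIC = """\
Prefix           Nexthop     Peer       Weight LocPrf Org.  MED  flap AS-Path
*10.250.0.0/24   10.0.0.32   10.0.0.2   0      100    igp   0    0    65105,65104,65104,65104,65104,65104
"""


@dataclass
class BgpPath:
    prefix: str
    nexthop: str
    peer: str           # "Local" = injected by this firewall (e.g. a redistributed static)
    weight: int
    local_pref: int
    origin: str         # igp / egp / i/c (incomplete)
    med: int
    flap: int
    as_path: List[int] = field(default_factory=list)
    best: bool = False  # leading '*' in the loc-rib listing

    @property
    def locally_originated(self) -> bool:
        return self.peer == "Local"

    @property
    def third_party_nexthop(self) -> bool:
        # Next hop on the shared segment differs from the peer that advertised the route.
        return not self.locally_originated and self.nexthop != self.peer


# One loc-rib row: optional '*', then eight mandatory columns and an optional AS path.
LINE_RE = re.compile(
    r"^(\*?)(\S+)\s+(\S+)\s+(\S+)\s+(\d+)\s+(\d+)\s+(\S+)\s+(\d+)\s+(\d+)(?:\s+(\S+))?\s*$"
)


def parse_loc_rib(text: str) -> List[BgpPath]:
    """Parse the rows of 'show routing protocol bgp loc-rib' into BgpPath objects.
    Header and banner lines do not match the row pattern and are skipped."""
    paths = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        star, prefix, nh, peer, w, lp, org, med, flap, asp = m.groups()
        as_path = [int(a) for a in asp.split(",")] if asp else []
        paths.append(BgpPath(prefix, nh, peer, int(w), int(lp), org,
                             int(med), int(flap), as_path, star == "*"))
    return paths


def best_path(paths: List[BgpPath], prefix: str) -> Optional[BgpPath]:
    """Return the path marked '*' for the prefix, or None if there is none."""
    return next((p for p in paths if p.prefix == prefix and p.best), None)


def prepend_count(path: BgpPath) -> int:
    """Number of repeated ASNs in the AS path, i.e. how much the origin prepended."""
    return len(path.as_path) - len(set(path.as_path))


def diagnose(before: str, after: str, prefix: str) -> List[str]:
    """Compare the best path for `prefix` across two snapshots and list the
    things worth checking next. Returns plain strings so they can be asserted on."""
    b = best_path(parse_loc_rib(before), prefix)
    a = best_path(parse_loc_rib(after), prefix)
    notes = []
    if b is None or a is None:
        notes.append(f"{prefix}: no best path in one of the snapshots")
        return notes
    if b.locally_originated and not a.locally_originated:
        notes.append(f"{prefix}: best path moved from locally originated (via {b.nexthop}) "
                     f"to peer {a.peer} (via {a.nexthop})")
    if a.third_party_nexthop:
        notes.append(f"{prefix}: next hop {a.nexthop} differs from peer {a.peer}; "
                     f"confirm it is reachable from the firewall and from the tunnel zone")
    if prepend_count(a):
        notes.append(f"{prefix}: AS path has {prepend_count(a)} prepends, length {len(a.as_path)}")
    return notes


if __name__ == "__main__":
    for note in diagnose(LOC_RIB_WITH_STATIC, LOC_RIB_WITHOUT_STATIC, "10.250.0.0/24"):
        print(note)
```

Run against the two snapshots, the script shows that the best path switched from the locally originated entry (next hop 10.0.0.1, redistributed from the static) to the path learned from peer 10.0.0.2 with a third-party next hop of 10.0.0.32, which is the thing to confirm is reachable and permitted before looking at the GlobalProtect side.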
