Thursday, November 8, 2018

Sonicwall Sorrow

I have a customer that is subletting in another customer's building. We are changing their internet connection to use a new ISP (my employer's).

The building owner has a private fiber network that I am using as transport to their customer.

The topology is: current_isp --- accessport vlan 399-- me3800 ----trunk ------ 2960 ------- access port vlan 399 ---- sonicwall

The SonicWall has a public IP and works perfectly with current_isp.

I went and swapped out the ISP patch cable to new_isp. I gave them a new public IP, mask and gateway. I verified that it worked at the fiber ONT. I then called and said it was ready; they changed their static information on the SonicWall and they could not reach the gateway.

I added another access port to the backbone switch to access that VLAN with my laptop, and I gave myself a static IP in their new public subnet. I could ping the gateway and their firewall, and the firewall could ping me.

I asked them to test with a laptop. They entered the static IP and subnet/gateway and could reach the gateway and internet just fine.

I suspected a bad subnet mask, but they insisted it was correct. I loaded up Wireshark and I could see the SonicWall sending out packets to the gateway but no replies. I did not try a SPAN port, so it's possible I just didn't see the replies, but I doubt it.

I think it rules out all of my configuration and hardware, but I have no idea what could be wrong on the SonicWall before I start blaming them.

They also claim that there are no ACLs or anything that would block the traffic. That is borne out by the fact that they can ping my laptop's public IP (inside the backbone switch, so layer 2 only) from the inside of the firewall.

I have allocated a /26 for static allocations for this area, and I am using their ONT to restrict them to their assigned IPs.

The subnet is X.X.X.192/26.

The gateway is X.X.X.193 and I have given them X.X.X.196.
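The "bad subnet mask" hypothesis above can be checked mechanically rather than by asking the other side to re-read their screen. The script below is an added example, not code from the original post: it takes the static address, mask and gateway as they would be typed into the firewall and compares them against the ISP's /26 allocation, reporting the classic mistakes (gateway outside the host's subnet, host address landing on the network or broadcast address, mask that does not match the allocation). The addresses are constructed from the 203.0.113.0/24 documentation range in place of the post's X.X.X.* placeholders.

```python
"""Sanity-check a static IPv4 configuration against an ISP allocation.

Added example (not from the original post). Addresses are constructed
placeholders: 203.0.113.192/26 stands in for the post's X.X.X.192/26,
.193 for the gateway and .196 for the customer's firewall.
"""
import ipaddress
from typing import List


def check_static_config(address: str, mask: str, gateway: str, allocation: str) -> List[str]:
    """Return a list of problems found; an empty list means the config looks sane.

    `mask` may be a prefix length ("26") or a dotted mask ("255.255.255.192"),
    matching the two ways a firewall UI typically accepts it.
    """
    problems: List[str] = []
    try:
        iface = ipaddress.IPv4Interface(f"{address}/{mask}")
        gw = ipaddress.IPv4Address(gateway)
        alloc = ipaddress.IPv4Network(allocation)
    except ValueError as exc:
        return [f"invalid input: {exc}"]

    net = iface.network  # the subnet the host *thinks* it is on, derived from its mask

    # A host configured on the network or broadcast address of its own subnet
    # will not be able to talk to anything on that segment.
    if iface.ip in (net.network_address, net.broadcast_address):
        problems.append(f"host {iface.ip} is the network or broadcast address of {net}")

    # If the gateway is outside the subnet implied by the mask, the host will
    # never ARP for it (or will ARP for the wrong thing) and the default route is dead.
    if gw not in net:
        problems.append(f"gateway {gw} is outside the host's subnet {net}")

    if gw == iface.ip:
        problems.append("gateway address equals the host address")

    # Both host and gateway must sit inside what the ISP actually allocated;
    # the ONT filter described in the post would drop anything else.
    if iface.ip not in alloc:
        problems.append(f"host {iface.ip} is outside the ISP allocation {alloc}")
    if gw not in alloc:
        problems.append(f"gateway {gw} is outside the ISP allocation {alloc}")

    # A mask that does not reproduce the allocation exactly is the mismatch
    # the post suspects. Too long a mask can cut the gateway off; too short a
    # mask still reaches the gateway but claims addresses the ISP never handed out.
    if net != alloc:
        problems.append(f"mask gives subnet {net}, but the ISP allocation is {alloc} (mask mismatch)")

    return problems


if __name__ == "__main__":
    ALLOC = "203.0.113.192/26"  # constructed stand-in for X.X.X.192/26
    for mask in ("255.255.255.192", "255.255.255.0", "255.255.255.252"):
        found = check_static_config("203.0.113.196", mask, "203.0.113.193", ALLOC)
        print(f"mask {mask}: {'OK' if not found else '; '.join(found)}")
```

Running this shows the asymmetry that matters when troubleshooting: the correct /26 mask passes, a /24 mask still reaches the gateway (and would look "fine" from a laptop) while failing the allocation check, and a /30 mask both puts the host on its own network address and pushes the gateway out of reach, which is exactly the "sends packets, gets no replies" picture a capture would show.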
