Monday, October 18, 2021

ASA/AnyConnect Users Unable to Access Remote Datacenter after MPLS cutover

I hope this is an easy oversight at our remote facility. We had installed a new MPLS circuit. We were able to get the new link plugged into our core and updated the AS number, based on what the carrier provided. I can confirm that BGP is up, and connectivity back to our remote datacenter has been restored.

The issue:

VPN users in this remote facility (with the new MPLS) are unable to access resources at the datacenter.

From the ASA, tracing an IP to the datacenter times out:

Tracing the route to 10.1.12.1
 1 125.213.167.70 18 msec 18 msec 20 msec
 2 10.55.253.190 18 msec 17 msec 18 msec
 3 10.55.252.54 18 msec 18 msec 10.55.252.58 18 msec
 4 10.55.253.2 22 msec 18 msec 21 msec
 5 * * *
 6 * * *

The only relevant configuration on the ASA that I saw was for EIGRP, but restarting its process didn’t seem to help:

router eigrp 18
 eigrp router-id 10.5.254.1
 network 10.5.0.0 255.255.0.0
 passive-interface default
 no passive-interface inside
 redistribute static

And on the core, where the MPLS terminates, relevant config:

router eigrp 12
 network 10.5.0.0 0.0.255.255
 redistribute bgp 65005 metric 100 1 255 1 1500
 passive-interface default
 no passive-interface GigabitEthernet1/0/1
 eigrp log-neighbor-warnings 300
!
router bgp 65005
 bgp log-neighbor-changes
 redistribute connected
 redistribute static route-map STATIC-TO-BGP
 redistribute eigrp 12
 neighbor 10.5.254.5 remote-as 3452
 neighbor 10.5.254.5 prefix-list no-default-route in

I must be missing something basic - but I haven't been able to pinpoint it.

Again, onsite users can access resources at the remote datacenter. It appears to only be VPN users.

Does anyone have suggestions, or please let me know if I can provide more detail.
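An added configuration check, not part of the post, that reads the two router sections pasted above (re-broken onto one statement per line, since the paste ran them together) and reports EIGRP settings that would keep two devices from forming an adjacency: differing autonomous-system numbers, every interface left passive, or no BGP redistribution on the core. The function and finding wording are my own; the only input is the post's configuration.

```python
import re

# Constructed sample input: the ASA and core router sections exactly as pasted
# in the post, one statement per line.
ASA_CONFIG = """\
router eigrp 18
 eigrp router-id 10.5.254.1
 network 10.5.0.0 255.255.0.0
 passive-interface default
 no passive-interface inside
 redistribute static
"""

CORE_CONFIG = """\
router eigrp 12
 network 10.5.0.0 0.0.255.255
 redistribute bgp 65005 metric 100 1 255 1 1500
 passive-interface default
 no passive-interface GigabitEthernet1/0/1
 eigrp log-neighbor-warnings 300
!
router bgp 65005
 bgp log-neighbor-changes
 redistribute connected
 redistribute static route-map STATIC-TO-BGP
 redistribute eigrp 12
 neighbor 10.5.254.5 remote-as 3452
 neighbor 10.5.254.5 prefix-list no-default-route in
"""


def parse_routing_sections(config):
    """Split an IOS/ASA-style config into its 'router <proto> <as>' sections.

    Returns {(proto, as_number): [statements]} with whitespace stripped.
    Lines outside a router section and '!' separators are ignored.
    """
    sections = {}
    current = None
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line == "!":
            continue
        m = re.match(r"router\s+(\w+)\s+(\d+)$", line)
        if m:
            current = (m.group(1), int(m.group(2)))
            sections[current] = []
            continue
        if current is not None:
            sections[current].append(line)
    return sections


def eigrp_summary(sections):
    """Pull out the EIGRP statements that govern neighbor formation."""
    out = {}
    for (proto, asn), stmts in sections.items():
        if proto != "eigrp":
            continue
        out[asn] = {
            "networks": [s.split()[1] for s in stmts if s.startswith("network ")],
            "passive_default": "passive-interface default" in stmts,
            "active_interfaces": [s.split()[-1] for s in stmts
                                  if s.startswith("no passive-interface ")],
            "redistributes": [s.split()[1] for s in stmts
                              if s.startswith("redistribute ")],
        }
    return out


def compare_eigrp(asa_config, core_config):
    """Return human-readable findings on EIGRP consistency between two
    devices that are expected to be neighbors."""
    asa = eigrp_summary(parse_routing_sections(asa_config))
    core = eigrp_summary(parse_routing_sections(core_config))
    findings = []
    # EIGRP neighbors must share an autonomous-system number.
    if set(asa) != set(core):
        findings.append(
            f"EIGRP AS mismatch: ASA runs {sorted(asa)}, core runs {sorted(core)}; "
            "EIGRP adjacencies only form within the same AS")
    # 'passive-interface default' with no exception sends no hellos at all.
    for dev, summary in (("ASA", asa), ("core", core)):
        for asn, s in summary.items():
            if s["passive_default"] and not s["active_interfaces"]:
                findings.append(f"{dev} AS {asn}: every interface is passive")
    # MPLS-learned prefixes reach EIGRP speakers only if BGP is redistributed.
    core_redist = {r for s in core.values() for r in s["redistributes"]}
    if "bgp" not in core_redist:
        findings.append("core does not redistribute BGP into EIGRP")
    return findings


if __name__ == "__main__":
    for f in compare_eigrp(ASA_CONFIG, CORE_CONFIG):
        print("FINDING:", f)
```

Run as-is it reports one finding for the configs in the post; feed it `show run | section router` output from any two devices that should be EIGRP neighbors to get the same checks.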


