05-13-2024 07:58 AM
Hello,
I have a problem with a client regarding L4-L7 (PBR) contracts that are not working properly.
The customer today has 2 L3-Outs, both with OSPF configured, 1 L3-Out in Area Backbone and the other L3-Out in Area 0.0.0.1, as its neighbor (7K) already has area 0 with another neighbor.
When we migrated to this L3-Out structure (OSPF Hub-Spoke), we had no communication in transits, that is, the insertion contracts in the External EPG of both L3-OUT were not taking effect.
I created a Vzany permit all in the default vrf (both l3-out are in the same vrf).
Now, the client needs me to make the L4-L7 contracts work because he needs the traffic to pass through the Paloalto firewall (the device is currently configured in the service template).
I believe that the contracts did not work because both L3-Out are with 0.0.0.0/0 (External subnet for the external EPG).
Solved! Go to Solution.
05-13-2024 09:28 AM
Hi @jurandir-braz ,
The problem you expose can have several known causes. You would need to give a lot of configuration and setup details for us to help, or even having a troubleshooting session with you.
That is typically a case where you can involve either the TAC support or CX Advanced Services where we would guide you to a solution and better understanding on the topic.
05-13-2024 09:28 AM
Hi @jurandir-braz ,
The problem you expose can have several known causes. You would need to give a lot of configuration and setup details for us to help, or even having a troubleshooting session with you.
That is typically a case where you can involve either the TAC support or CX Advanced Services where we would guide you to a solution and better understanding on the topic.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide