I have 2 x border leaf switches into which I have 2 x separate L3 out connections. Both are in the same VRF.
Layer 3 Out one goes to a WAN router; Layer 3 Out two goes to a Firewall. The L3 Outs are both configured with OSPF.
I learn OSPF routes from a DMZ interface (attached to the Firewall) on the WAN router (set using Export Route Control Subnet in Networks under Firewall L3 outs). Additionally, I learn the WAN routes on the Firewall using the same method for the WAN L3 Out.
I can’t ping a host on the DMZ from the WAN side, so I suspected it was to do with transit routing limitations or Contracts. However, my design currently allows all EPGs to talk (set under the VRF).
The Firewall ACL config permits the private WAN source network to connect to DMZ.
Can someone point me in the right direction, please? I'm missing something obvious.
Long story short: my server admin had some routes on the server which were incorrectly configured. We've since amended them and now I can ping the device needed. Quite frustrating, but nonetheless glad it's sorted.