Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1967
Views
25
Helpful
25
Replies

New WAN outside interface doesn't work!

Go to solution
ipv6x
Level 1
Level 1

‎09-30-2022 01:54 AM

Hello,

At my work we have buy new wan connection.

The topology is

SW_Core ----->FTD---->Outside wan1-2-3

in the SW_Core are 3 vlan:
WAN1 

WAN2 

WAN3 

From  the FTD, 
WAN1 ----> can ping wan1 gw

WAN2 ---> can ping wan2 gw

WAN3 ---> cannot ping wan3 gw.

and i don't now why?

any idea?

 

Regards,

0 Helpful
25 Replies 25

Go to solution
Aref Alsouqi
VIP
VIP

‎09-30-2022 07:44 AM

Interesting! Can you please enable ARP debugs on the FTD and try to ping the ISP IP and share the ARP debug output?

0 Helpful

Go to solution
ipv6x
Level 1
Level 1
In response to Aref Alsouqi

‎09-30-2022 08:28 AM

arp-send: arp request built from 10.10.1.3 a03d.6eb8.e77e for 10.10.1.4 at 15:24:04.025

arp-in: response at outside_colt from 10.10.1.3 d4eb.6874.0780 for 10.10.1.4 d4eb.6874.0780 having smac d4eb.6874.0780 dmac ffff.ffff.ffff
arp-send: arp request built from 10.10.1.3 a03d.6eb8.e77e for 10.10.3 at 15:24:04.905

this 10.10.1.4 is ISP GW 

Go to solution
MHM Cisco World
VIP
VIP
In response to ipv6x

‎09-30-2022 10:30 AM

Now every this is OK ARP & MAC (as you mention it is correct)
still there is only one think, 
the source of ping are it FTD interface connect to WAN3 or other interface ?
please notice this is FTD not router so it behave is different 

0 Helpful

Go to solution
ipv6x
Level 1
Level 1
In response to MHM Cisco World

‎10-02-2022 11:52 PM

The interface of FTD is connected in core switch because i can't connect directly, the ISP router is in another room CED.

0 Helpful

Go to solution
Aref Alsouqi
VIP
VIP

‎09-30-2022 10:23 AM

From the output I see the ARP gets resolved so it should work. I would try to connect the FTD interface directly to the WAN3 router and see if it works, or at least try to clear the ARP table on the router by disconnecting the cable that is connected to the switch.

0 Helpful

Go to solution
ipv6x
Level 1
Level 1
In response to Aref Alsouqi

‎10-02-2022 11:54 PM

I will do that and let you know, because i can't connect FTD to WAN3 directly because is in another room CED.

0 Helpful

Go to solution
MHM Cisco World
VIP
VIP
In response to Aref Alsouqi

‎10-03-2022 07:00 AM

can I know what was issue exactly ?

0 Helpful

Go to solution
Aref Alsouqi
VIP
VIP
In response to MHM Cisco World

‎10-04-2022 01:14 AM

Until we hear back from @ipv6x I'm assuming that it is/was something to do with the ARP table on the ISP device.

Go to solution
ipv6x
Level 1
Level 1
In response to Aref Alsouqi

‎10-04-2022 03:42 AM

@Aref Alsouqi @MHM Cisco World I have removed the wan3 interface from the switch core and cleared the arp in the FTD and reboot the isp router after I connect them again and I try the ping again and it worked.

0 Helpful

Go to solution
MHM Cisco World
VIP
VIP
In response to ipv6x

‎10-04-2022 04:47 AM

one more think, are two ISP run HSRP ?

0 Helpful

Go to solution
Aref Alsouqi
VIP
VIP
In response to ipv6x

‎10-06-2022 01:17 AM

Glad to know the issue is now fixed. I personally think the issue was laying on the ISP router.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card