We have a firewall for third parties (FW3) and a firewall for secure hosts (FW1) that run eigrp between them via a pair of Nexus 93180s. They also both are eigrp neighbors of the L3 edge of our new backbone. This environment runs fine for connections between FW1 hosts and FW3 third parties. It also runs well for internal hosts at other sites accessing the same third parties.

Last week, I converted FW3 to BGP to interface with our new backbone. This involved passing through the same first pair of Nexus at L2 as before, but now adds a BGP connection up to another level of Nexus which is the edge of our new backbone (previously an eigrp relationship). FW1 remained eigrp to the same L3 Nexus routing layer. 

So now, the local internal FW1 hosts follow an eigrp route to the L3 Nexus pair, and then follow a BGP route to the FW3 then out to the third party connection. The ultimate plan is to connect all firewalls with BGP to new backbone. This was a complex conversion, after which, routing was solid, and I was ready to move on to the next step, however, our app support persons reported that their connections were resetting and not remaining up. I checked everything over, interfaces, routing, MTUs… nothing stands out. 

The primary change was to convert to BGP, requiring the traversal of that next higher L3 Nexus layer. That top routing layer has been in service for over a year and supports a business critical location with no issues. So, I am at a loss to explain these TCP connection issues. We had to back out the change, and all was well again. 

thanks in advance for any suggestions you may offer!