Heads Up :
The post you are writing will appear in a public forum. Please ensure all content is appropriate for public consumption. Review the employee guidelines for the community here.
Hi all,While running a packet capture on an access switch for a device (10.1.1.1) I blocked it's internet access on the FTD (4125) as it was trying to reach 50.1.1.1.I did this by blocking all traffic for 10.1.1.1 through the FTD with a "Block with R...
Hi all, During a recent core swap out we experienced some routed traffic being black holed. This happened when the layer 2 connections were brought up on the new core and was resolved when the layer 3 interfaces were brought up to form the OSPF neigh...
Hi all,I know this is a common thread but I'm being pressed to get this sorted ASAP. A new interface, Outside2, to send all traffic of which the vast majority goes down a VPN to a web proxy. There are three VPNs in total. I changed the interface the ...
Hi all,I'm trying to connect a WS-C6509-E, 1000BaseLH GBIC, to C9300-24T, 1000BaseLX SFP, using a single mode fibre.However, the link is not even coming up as connected. All the basic physical checks have been done.This isn't the first time this issu...
Hi all, There are two core routers with equal cost paths to them from the distribution switches. One core router needs to be taken down. If this is done gracefully how quickly will the distribution switches change its preferred route to use the other...
Hi Giuseppe,Thanks for your reply.As I replied to Jon the static routes go back to both cores. You're right that we shouldn't use static default routes on the distributions. This is our legacy network which we're looking to move away from so that wil...
Hi Jon,Thanks for your reply.The two static routes point to the P2P OSPF SVIs on the core 1 and core 2 of which the core 1 SVI was down. As the distribution SVI came up with the port channel the static route would have become a valid route again?
It turns out the above was suffice but the DNS being used on site was pointing to the old ISP which was blocking the IP address of the new ISP.Making the above changes and changing the DNS to Google resolved the issue.
Hi Crisitan,It will dual run for a short period then be shutdown. I wasn't aware a NAT statement would cause the ASA to bypass the RIB.There isn't a NAT rule in for the VPN to the web proxy. Am I right in thinking VPNs don't require a NAT rule given ...
