Unfortunately I forgot to get a dump of the config and I’m writing this in my hotel room from memory.
Today was a BAD day. Customer’s firewall went tits up and there was no firewall to spare…and the customer didn’t have any documentation on their network at all. Essentially what they have is an external router with a T-1 and a frac-T in two serial ports going into a fast ethernet port which hooks into (the now defunct) firewall, going into some kind of filtering appliance which then hooks into their layer 3 switch that is serving up their VLANs on their local network. There is no routing on this network…it simply uses default routes with each device pointing to the device above it and the external router set up to do load balancing with unequal weighted default routes pointing at the T-1 as the primary and frac-T as the secondary.
Seemed like a simple problem, even considering the lack of documentation…problem is I couldn’t make it work no matter what I did. I tried for about 10 hours today before I gave up before my head exploded and headed back to the hotel to think about it. I’m drawing a blank…I have no idea why.
What was happening was that I could ping from the interior network all the way through the external router and even hit the ISP’s gateways…but I couldn’t go beyond that. Yet, the external router could ping and resolve to the ISP’s DNS server with no problem, so I know that both links were up. I tried shutting down first one then the other link. I eliminated the filter box. I reconfigured and eventually eliminated the 3560 layer 3 switch. I verified that the internal DNS was pointing outside (they are using Windows 2003 with some kind of weird conditional forwarding thingy I had never seen before…but I eliminated this as a possible problem by simply trying static addressing pointing directly to the ISP’s DNS servers).
I know this isn’t a lot to go on, and I doubt I’ll even get a response to this…but if anyone has any thoughts they would be gratefully received. Even off the wall stuff. This is only a default routing system…this stuff should be cake. Yet I can’t make it work!
-XT