Hi all,
Users connected to the EX switches in the VC are able to access the internet. No problem...
Topology is:
200 users---------->EX4200 in VC -----ae3.0--------->Palo Alto F/W----->internet
But from the VC itself it is not possible to ping 8.8.8.8 or 8.8.4.4 or 13.225.146.9
> ping 8.8.8.8 source 172.20.184.54
The IP address 172.20.184.54 sits on the VC as L3 VLAN 15.
There is only a default route on the VC to the Palo Alto... When checking routing:
> show route forwarding-table destination 8.8.8.8
Routing table: default.inet
Internet:
Destination        Type RtRef Next hop           Type Index NhRef Netif
default            user     1 0:bb:14:2:2:31     ucst  1377     4 vlan.15
default            perm     0                    rjct    36     2
> show ethernet-switching table | match 02:31
VLAN-INTERNAL 0:bb:14:2:2:31 Learn 0 ae3.0
And ae3.0 has 2 physical aggregate members that are directly connected to the Palo Alto...
While the ping to 8.8.8.8 is running, monitor traffic shows the following:
17:07:20.437298 Out IP 172.20.184.54 > 8.8.8.8: ICMP echo request, id 19784, seq 7, length 64
17:07:21.439282 Out IP 172.20.184.54 > 8.8.8.8: ICMP echo request, id 19784, seq 8, length 64
17:07:22.440235 Out IP 172.20.184.54 > 8.8.8.8: ICMP echo request, id 19784, seq 9, length 64
17:07:23.441234 Out IP 172.20.184.54 > 8.8.8.8: ICMP echo request, id 19784, seq 10, length 64
.....
.......
So as you can see, there is no traffic coming back on the VC. The same behaviour occurs when doing ssh to 8.8.8.8 on port 443.
What could the reason(s) be? And there is no right to access and manage the Palo Alto...
What further troubleshooting should be done to investigate?
thx
A