It happens to us all at some time or another. You’ve been working all morning at a remote site several hours away, and you’re making substantial changes on the network infrastructure. As you are finishing up, you realize you can get to the Internet, but you can’t FTP to the Internet. After going over the config several times, it’s time to bring in another set of eyes. And so my phone rings.
This ended up being rather simple. We have PBR (Policy-Based Routing) in effect for normal web traffic (ports 80 and 443), and a default route for all other Internet-destined traffic (such as FTP). I checked the routing table and found this…
As you can see, the gateway of last resort is not set. So for any Internet-bound traffic that is not port 80 or 443, the router does not know where to go. My co-worker checked and found that he had mistyped the entry for the default next-hop path. Once he fixed it, everything worked as it should.
Another example was earlier this summer… I was having some stability issues with one of my VTI (Virtual Tunnel Interface) sites, and was not able to nail down the cause. My co-worker looked over the related configs, and found that I had forgotten to set a particular filter on the perimeter firewall. That fixed it.
So if you find yourself staring at a configuration, unable to find the problem, call a fellow co-worker and get a fresh set of eyes on the problem. Two heads are better than one!
Good post. Had a guy email today with a problem. After 65 email exchanges back and forth, we finally got it resolved.