Only a quick suggestion.. on the 2811, setup a /30 or something routable for testing... plugin directly on that port with IP/gateway and DNS - see if issue is still there. Then at least you know if it's in the ASA or not....
-----Original Message----- From: Af [mailto:af-boun...@afmug.com] On Behalf Of Adam Moffett Sent: Thursday, April 9, 2015 7:06 AM To: af@afmug.com Subject: [AFMUG] Weird network issue I have a customer who uses us as a backup path to the internet. They have BGP sessions with us and another provider, and we just stack a few prepends on the routes they send us and re-advertise them. When their primary connection is out, they report having partial connectivity. We just had a two hour test window where their primary connection was shut off on purpose so that we could test. The other provider and I spent a ton of time going over BGP and routing stuff and finally concluded, "gee, it should be working." After we gave up looking for a routing problem that isn't there, we did some more basic testing and really the only thing I can conclude definitely doesn't work when they fail over to us is DNS. Using nslookup they get no response from any DNS servers. They have a Cisco 2811 running BGP, but that connects to an ASA, and everything on their LAN is behind the ASA. I asked for copies of the configs on the 2811 and the ASA, but I'm not even sure what I'm looking for yet. Any brilliant ideas?