Hi Emma, I tried a quick diagram of this with the FW in between the 3 networks (LAN,Y,X) and came up short, when you say
"I connect to remote networks X and Y using two different routers and I'm *able to* reach both remote networks. I am however *unable to *reach the interface on the router connecting me to network Y" >From which point in your network are you unable to reach Network Y, are you able to reach it from elsewhere in the network proving it is not an isolated node? Do you have access to the two routers and firewall as the routing table from them could indicate where the problem might lie. "TTL Expired" is usually indicative of a routing loop, try a Ping / Trace Route or looking at the routing tables of the devices within your realm to narrow down where the problem might be.. For the nodes you can successfully ping, it is a 100% success rate or do the packets drop sometimes, I would have another look at that BGP configuration as introducing a new path improperly might mean packets go down both routes resulting in funky scenarios ;-) Cheers On Thu, Jul 18, 2013 at 10:51 AM, Simon Vass <[email protected]> wrote: > Which Firewall software are you running? > > Simon > > On 18 July 2013 10:45, Emmanuel Sekyewa <[email protected]> wrote: > >> Hi all, >> >> I need help. I'm in a situation where I have a firewall with a connection >> to three networks. The LAN, remote network X and remote network Y. I >> connect to remote networks X and Y using two different routers and I'm able >> to reach both remote networks. I am however unable to reach the interface >> on the router connecting me to network Y. A ping to this interface returns >> *reply from A.B.C.D TTL expired in transit* A.B.C.D is a public IP >> address on the router connecting me to remote network Y >> >> None of my settings on the firewall have changed. The only variable is >> the addition of a redundant connection on that router and BGP, where the >> newly introduced link has been made the primary link. >> >> Any ideas on where the issue could be? >> >> Regards >> -- >> Emmanuel C. Sekyewa >> >> +256 782 199 202 >> >> _______________________________________________ >> The Uganda Linux User Group: http://linux.or.ug >> >> Send messages to this mailing list by addressing e-mails to: >> [email protected] >> Mailing list archives: http://www.mail-archive.com/[email protected]/ >> Mailing list settings: http://kym.net/mailman/listinfo/lug >> To unsubscribe: http://kym.net/mailman/options/lug >> >> The Uganda LUG mailing list is generously hosted by INFOCOM: >> http://www.infocom.co.ug/ >> >> The above comments and data are owned by whoever posted them (including >> attachments if any). The mailing list host is not responsible for them in >> any way. >> > > > > -- > Simon Vass > Managing Director > E-Tech Uganda Ltd > http://www.etech.ug > Tel: +256 (0) 312260620 > Email: [email protected] > > > _______________________________________________ > The Uganda Linux User Group: http://linux.or.ug > > Send messages to this mailing list by addressing e-mails to: > [email protected] > Mailing list archives: http://www.mail-archive.com/[email protected]/ > Mailing list settings: http://kym.net/mailman/listinfo/lug > To unsubscribe: http://kym.net/mailman/options/lug > > The Uganda LUG mailing list is generously hosted by INFOCOM: > http://www.infocom.co.ug/ > > The above comments and data are owned by whoever posted them (including > attachments if any). The mailing list host is not responsible for them in > any way. > -- /Daniel
_______________________________________________ The Uganda Linux User Group: http://linux.or.ug Send messages to this mailing list by addressing e-mails to: [email protected] Mailing list archives: http://www.mail-archive.com/[email protected]/ Mailing list settings: http://kym.net/mailman/listinfo/lug To unsubscribe: http://kym.net/mailman/options/lug The Uganda LUG mailing list is generously hosted by INFOCOM: http://www.infocom.co.ug/ The above comments and data are owned by whoever posted them (including attachments if any). The mailing list host is not responsible for them in any way.
