Trying to connect a Cisco 9300 device with 2 VRFs across the PA firewall. The PA firewall cannot ping the attached 9300 interface in a VRF. If the interface is taken out of the VRF, the connectivity works.
Does anyone know what's causing this?
Hi @Tech_pp ,
Given the small amount of information, I have to make certain assumptions.
If you can ping outside the VRF...
It sounds like an issue with the C9300. No changes are made on the NGFW between working and not. You may need to go to the Cisco forum. However, I will add a couple thoughts.
Placing a VLAN interface inside a VRF is only one command, "ip vrf forwarding VRF_NAME", and it would fail if the VRF were not created. You should get a warning the IP address has been removed and needs to be re-added.
Network Advantage is required for VRFs on the C9300. What does "show license summary" show on your C9300? I don't know if you would get an error if you tried to create a VRF without the proper license.
Hi @Tech_pp ,
Could you verify the license on the C9300 as requested before? That's the only thing I can think of right now.
So you are placing the IP addresses on the interfaces and not using VLANs? Then what I said earlier still applies to the physical interfaces and not the VLAN interfaces.
You are correct in that no configuration is required on the NGFW for the VRF. The VRF is local to the C9300.
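The replies above note that moving an interface into a VRF removes its IP address until it is re-added. As an added example that is not part of the original thread, this Python check scans a saved running-config for interfaces that are bound to a VRF but have no IPv4 address; the sample config, VRF names and addresses are constructed for illustration.

```python
import re

# Constructed sample of a switch running-config (not taken from the thread).
SAMPLE_CONFIG = """\
vrf definition VRF_A
 address-family ipv4
!
interface GigabitEthernet1/0/1
 no switchport
 vrf forwarding VRF_A
 ip address 10.1.1.1 255.255.255.252
!
interface GigabitEthernet1/0/2
 no switchport
 vrf forwarding VRF_B
 no ip address
!
interface Vlan30
 ip vrf forwarding VRF_A
!
"""

IFACE_RE = re.compile(r"^interface (\S+)")
VRF_RE = re.compile(r"^ (?:ip )?vrf forwarding (\S+)")  # both command forms
IP_RE = re.compile(r"^ ip address \d+\.\d+\.\d+\.\d+ \d+\.\d+\.\d+\.\d+")

def parse_interfaces(config):
    """Map interface name -> {'vrf': name or None, 'has_ip': bool}."""
    interfaces, current = {}, None
    for line in config.splitlines():
        m = IFACE_RE.match(line)
        if m:
            current = interfaces.setdefault(m.group(1), {"vrf": None, "has_ip": False})
        elif not line.startswith(" "):
            current = None  # "!" or another top-level command ends the block
        elif current is not None:
            v = VRF_RE.match(line)
            if v:
                current["vrf"] = v.group(1)
            elif IP_RE.match(line):  # " no ip address" does not match
                current["has_ip"] = True
    return interfaces

def vrf_interfaces_missing_ip(config):
    """Return (interface, vrf) pairs that are in a VRF but have no IPv4 address."""
    return [(name, d["vrf"]) for name, d in parse_interfaces(config).items()
            if d["vrf"] and not d["has_ip"]]
```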