Hello all,
I am having a weird issue and I would like your assistance to solve it.
So, we recently purchased a private cloud solution that comes with vSphere and NSX-T.
The provider has created a single T0 gateway that connects to their infrastructure for Internet connectivity, a T1 gateway (let's call it T1-A), and a couple of segments, one of which we can use for Internet connectivity on a VM (let's call it segment-A).
T1-A also comes with an SNAT rule, and all the firewalls are allowing everything.
We created a new VM (VM-A), used segment-A, placed the correct IPs, and everything works straight away: we can ping, install updates, etc.
Now, we created our own segment (segment-B) and a new T1 (T1-B), and we linked segment-B to T1-B and T1-B to the T0. We placed the SNAT rules, checked that the firewall and configuration are the same as the working ones, and we cannot ping outside our infrastructure.
We tried changing segment-B to connect to T1-A (and we also created on T1-A the same SNAT rules we did on T1-B) and everything works, so we deduced the fault lies in T1-B.
We checked the NAT, the firewall, and even the configuration (since we can compare it with the working example), and everything seems the same.
Now here is where the issue is getting even weirder:
Between each T1 and the single T0, we use 100.64.0.0/16 (which I believe is the default).
When we try to ping from VM-B the IP of the T0 on that subnet (in our example the IP is 100.64.32.4), it does not work, whereas from VM-A we can ping its corresponding IP (100.64.32.0).
To make things even weirder, we used the Traceroute tool from within NSX, and it says that both VM-A and VM-B can reach Google's IP (8.8.8.8), but in reality we cannot ping it from VM-B.
Do you guys have any suggestions on what to check next?
Thank you.
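One way to make the "compare it with the working example" step systematic, as an added example that is not the poster's code and not NSX's own tooling: export both Tier-1 gateway objects as JSON and run a recursive diff that ignores identity and bookkeeping fields. The field names follow the NSX-T Policy API Tier1 object as I understand it (for a real export you would fetch each gateway with a GET on `/policy/api/v1/infra/tier-1s/<id>`; that path and the field set are assumptions). The two sample objects below are constructed for the demo, and the differences they contain are illustrative only, not a diagnosis of the setup above.

```python
"""Recursive diff of two NSX-T Tier-1 gateway policy objects exported as JSON.

Added example: the sample objects T1_A and T1_B are constructed, and the field
names are assumed to match the NSX-T Policy API Tier1 object.
"""
import json

# Fields that legitimately differ between two gateways and carry no forwarding
# meaning, so they should not show up as "differences".
IGNORED_KEYS = {
    "id", "display_name", "path", "relative_path", "parent_path", "unique_id",
    "_create_time", "_last_modified_time", "_revision", "_create_user",
    "_last_modified_user", "_system_owned", "_protection",
}


def diff_config(a, b, path="", ignore=IGNORED_KEYS):
    """Return {dotted.path: (value_in_a, value_in_b)} for every field that differs.

    Dicts are walked key by key (a key present on one side only is reported
    with "<missing>" on the other). List-valued fields such as route
    advertisement types are compared order-insensitively, since the API does
    not guarantee ordering.
    """
    diffs = {}
    if isinstance(a, dict) and isinstance(b, dict):
        for key in sorted(set(a) | set(b)):
            if key in ignore:
                continue
            child = f"{path}.{key}" if path else key
            if key not in a or key not in b:
                diffs[child] = (a.get(key, "<missing>"), b.get(key, "<missing>"))
            else:
                diffs.update(diff_config(a[key], b[key], child, ignore))
    elif isinstance(a, list) and isinstance(b, list):
        canon = lambda seq: sorted(json.dumps(x, sort_keys=True) for x in seq)
        if canon(a) != canon(b):
            diffs[path] = (a, b)
    elif a != b:
        diffs[path] = (a, b)
    return diffs


def report(diffs, left="T1-A", right="T1-B"):
    """Human-readable listing of the differences, one field per line."""
    if not diffs:
        return f"{left} and {right} match on every compared field"
    lines = [f"{len(diffs)} field(s) differ between {left} and {right}:"]
    for field, (va, vb) in sorted(diffs.items()):
        lines.append(f"  {field}: {left}={va!r}  {right}={vb!r}")
    return "\n".join(lines)


# Constructed sample exports (the working gateway and the new one).
T1_A = {
    "id": "T1-A", "display_name": "T1-A", "resource_type": "Tier1",
    "tier0_path": "/infra/tier-0s/T0",
    "route_advertisement_types": ["TIER1_CONNECTED", "TIER1_NAT"],
    "failover_mode": "NON_PREEMPTIVE", "ha_mode": "ACTIVE_STANDBY",
    "enable_standby_relocation": False, "_revision": 7,
}
T1_B = {
    "id": "T1-B", "display_name": "T1-B", "resource_type": "Tier1",
    "tier0_path": "/infra/tier-0s/T0",
    "route_advertisement_types": ["TIER1_CONNECTED"],
    "ha_mode": "ACTIVE_STANDBY",
    "enable_standby_relocation": False, "_revision": 2,
}

if __name__ == "__main__":
    print(report(diff_config(T1_A, T1_B)))
```

Run it against real exports by replacing the two constructed dicts with the JSON returned for each gateway; anything the report lists is a candidate for the "looks the same but isn't" class of problem, while an empty report means the difference lives outside the gateway object itself (NAT rules, segment attachments, or the T0 side).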