So this one requires some back story. Before I started at the company, the previous IT guy had purchased WatchGuard Firewalls and hardware VPN boxes (really truly mini firewalls) for our few permanent remote employees at the recommendation of one of our largest customers. We then also deployed a software VPN for all the employees who were remote temporarily or couldn’t have a hardware box for whatever reason.
Now for the past 2 years I’ve been working to phase out the hardware VPNs as they lock us into a vendor I don’t particularly like dealing with both software wise and support wise. On top of that the hardware VPNs are a royal pain in the ass since every time I update routes I have to update it across all the hardware VPNs, not just the firewall itself (split-tunnels!). Also in the last two years we’ve been working to migrate to Azure (thus adding Azure VPNs). Cue this past week when we migrated the core database server to Azure, but I forgot to update the hardware VPNs (not to mention couldn’t log into their systems to update it).
Engineer Calls,
Engineer: “I can’t connect to the Database server”
Me: “Ah yes, I forgot to update the routes, mind if I remote in?”
Engineer: “Why do you need to update the routes? You just moved it nothing more!”
Me: “Yes, but I moved it to an entirely different IP block as required for the move to Azure”
Engineer: “OK, but how does that relate to changing the routes?”
Me: Mentally facepalms “Those routes determine how the VPN moves traffic, right now it doesn’t know the route to Azure via the private connection”
Engineer: “OK, I guess you can update the routes, but I don’t see how it’ll fix the problem”
Me: “Thank you”
Now at this point I got into his box and updated the routes so that traffic going to Azure would go via our office to Azure as required. However what I didn’t realize immediately was that I had also forgotten to include the route in the Azure VPN Routing.
Engineer: “See I told you adding that route wasn’t going to fix it”
Me: “Give me a minute or so, let me double check some things on my end, and it might take a minute or two for the route to apply anyways”
Engineer: “You’re really wasting my time, I need this working, why can’t you just give me the access I need”
Me: “Again, just give me a minute here, I think I have an idea of what’s going on”
Engineer: “I have a meeting in 2 minutes, I’m getting off this call, hopefully when I get back you’ll just give me the access I need like I asked for the first time”
At this point engineer gets off in a huff, and not even a minute later I find that I didn’t add the hardware VPN routes in Azure and I go ahead and update that. About 30 minutes later engineer calls again.
Engineer: “So are you just going to give me access like I told you the first time?”
Me: “No, I updated your routes and the routes in Azure, I also ran a remote ping on your system and verified you can reach the SQL Server now”
Engineer: “Bull crap you didn’t give me the permissions I needed”
Me: “Just humor me and try connecting”
Engineer: “Oh, it looks like it connected this time”
Me: “Like I said it was just routes, is your problem solved now?”
Engineer: Very huffy/angry “Yes it’s fixed, good bye”