I had created a new server as a test environment for a new client of the company and configured it to reside in the DMZ with an external IP address so that people at the client could test the system from their location.
I tested connectivity to this new IP address and the server was connectable and everything seemed fine.
However one of our implementation consultants reported that he wasn’t able to access the server from his location using the IP address that I had provided to him. I tested it again and again it all appeared fine.
I then tried connecting to it from a different network outside of the company and I hit the exact same problem as my colleague had ‘TTL Expired In Transit’. So I then tried a TraceRoute to see if this revealed where the issue might be.
At first glance it appeared okay, traffic was being bounced back correctly from each router along the way. Then I saw the problem, it was because of a configuration error in our ISP’s routers which meant that traffic coming from outside of their network that was destined for the IP address I had assigned to the server was getting routed to a particular couple of routers which were then just bouncing it back and forth between the two of them until the TTL expired.