05-26-2016 12:57 AM - edited 03-08-2019 05:56 AM
Hello Folks,
I recently faced an issue where there is a VLAN 40 with IP address 172.16.0.0/23 and int vlan 40 is 172.16.1.1/23. There is also a firewall with IP 172.16.1.2/"24" in the same VLAN.
There are users and some test servers also in the same VLAN.
Issue: Users in 172.16.0.3-171.16.0.254 are able to ping servers in 172.16.1.0-172.16.1.254. But users in 172.16.1.0-254 are not able to ping servers in 172.16.1.0-254.
E.g., 172.16.0.100 is able to ping server 172.16.1.150, but 172.16.1.100 is not able to ping server 172.16.1.150.
The customer said that after removing a newly created IPsec tunnel in the firewall, the issue got resolved.
I am trying to find out why the packet went to the firewall for the above traffic flow.
Regards
Gireesh
05-26-2016 06:05 AM
Because the networks overlap!
Martin
05-26-2016 06:58 AM
Hello Martin,
The subnet is 172.16.0.0/23, and the users and server in question are in the same subnet, whether 172.16.1.x or 172.16.0.x.
Gireesh
05-26-2016 08:11 AM
The Firewall is on a different network, which overlaps with the other.
Is it a PVLAN?
Martin
05-27-2016 08:22 AM
No PVLAN. The firewall is in the same VLAN.
05-26-2016 08:13 AM
Network connectivity is always going to be strange when you have devices within the same address range but they are using different subnet masks. This is a no-no and will lead to unpredictable results.
05-27-2016 08:21 AM
Yeah, but the customer has had this config for years and it's under revamp.
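The mask mismatch discussed in this thread can be checked mechanically. The following is an added example, not part of any post above: it audits one segment for overlapping networks and for device pairs that disagree about whether the other is on-link. The SVI and firewall addresses are from the thread; the host entries and their /23 masks are assumptions, and the function names are hypothetical.

```python
import ipaddress
from itertools import combinations

# Constructed inventory for VLAN 40. SVI and firewall values come from the
# thread; the host masks (/23) are an assumption, the thread does not state them.
VLAN40 = {
    "svi":      "172.16.1.1/23",
    "firewall": "172.16.1.2/24",
    "user-0":   "172.16.0.100/23",
    "user-1":   "172.16.1.100/23",
    "server":   "172.16.1.150/23",
}

def parse(inventory):
    """Map device name -> IPv4Interface (address plus that device's own mask)."""
    return {name: ipaddress.ip_interface(cidr) for name, cidr in inventory.items()}

def on_link(src, dst):
    """True if src would ARP for dst directly instead of using a gateway."""
    return dst.ip in src.network

def overlapping_networks(inventory):
    """Distinct networks configured on the segment that overlap each other."""
    nets = sorted({i.network for i in parse(inventory).values()})
    return [(str(a), str(b)) for a, b in combinations(nets, 2) if a.overlaps(b)]

def asymmetric_pairs(inventory):
    """Device pairs where only one side considers the other on-link."""
    ifs = parse(inventory)
    return [
        (na, nb)
        for (na, a), (nb, b) in combinations(ifs.items(), 2)
        if on_link(a, b) != on_link(b, a)
    ]

if __name__ == "__main__":
    for a, b in overlapping_networks(VLAN40):
        print(f"overlap: {a} and {b} share one broadcast domain")
    for a, b in asymmetric_pairs(VLAN40):
        print(f"asymmetric on-link view: {a} <-> {b}")
```

With this inventory the firewall's /24 treats 172.16.0.x as off-link while those hosts treat the firewall as on-link, so the two directions of a flow can take different paths.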