no pvlan.Firewall is in same

girchand · ‎05-26-2016

Hello Folks,

I faced recently an issue where there is a vlan 40 with ip address 172.16.0.0/23 and int vlan 40 is 172.16.1.1/23.There is also a firewall with ip 172.16.1.2/"24" int the same vlan.

There are users and some test servers also in the same vlan.

Issue:- Users in 172.16.0.3-171.16.0.254 is able to ping servers in 172.16.1.0-172.16.1.254.But users in 172.16.1.0-254 is not able to ping servers in 172.16.1.0-254.

eg:172.16.0.100 is able to ping server 172.16.1.150 but 172.16.1.100 is not able to ping server 172.16.1.150.

Customer told -after removing a newly created ip sec tunnel in firewall issue got resolved.

I am trying to find out why the packet went to firewall for the above traffic flow.

Regards

Gireesh

Martin Carr · ‎05-26-2016

Because the networks overlap!

Martin

girchand · ‎05-26-2016

Hello Martin,

Subnet is 172.16.0.0/23 and the subjected users and server is in same subnet even if 172.16.1.X or 172.16.0.x

Gireesh

Martin Carr · ‎05-26-2016

The Firewall is on a different network, which overlaps with the other.

Is it a PVLAN?

Martin

girchand · ‎05-27-2016

no pvlan.Firewall is in same vlan

glen.grant · ‎05-26-2016

Network connectivity is always going to be strange when you have devices within the same address range but they are using different subnet masks . This is a no no and will lead to unpredictable results .

girchand · ‎05-27-2016

yeah,but customer is having this config from years and its under revamp

Finding an issue inside the same vlan