Securestack Cannot Ping One Remote Subnet Due to New Device Connected on Directly Connected Subnet
Connecting a device to a subnet on the Securestack causes ping to fail from VPN clients connected to the upstream VPN concentrator.
Disconnecting the device resolves the issue.
When the VLAN where the client was connected is egressed tagged out a port to bring up the interface, the issue does not return.
Disabling the interface on the Securestack that has the same subnet as the incoming VLAN clients, and then connecting the device, resolves the issue.
A duplicate of the firewall client subnet was configured on the Securestack as DISABLED (shutdown), and it was egressed on the port to which the device was connected. Connecting the device caused the subnet to change to operationally up, and the Securestack started to forward all pings destined to the subnet out the directly connected VLAN and not by the static route.
Shut down the duplicate subnet interface and remove it from the config to avoid it happening again.
The interface that changed state has the same subnet as the VPN pool on the firewall. The directly connected route has a priority of zero and the static route has a priority of one, so the Securestack forwards the packet out the connected interface and does not use the static route pointing to the firewall.
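
The route selection described above can be modeled, and a configuration audited for the same condition, with the following added example (not from the original article and not vendor code). The addresses, VLAN names and next hop are constructed placeholders; only the priority values (connected = 0, static = 1) come from the article.

```python
import ipaddress

# Constructed sample data (assumption, not from the article). Priorities
# follow the article: connected route = 0, static route = 1.
CONNECTED_PREF, STATIC_PREF = 0, 1

INTERFACES = [  # (hypothetical name, configured address)
    ("vlan10", "10.10.10.1/24"),
    ("vlan50", "10.50.0.1/24"),   # duplicate of the firewall VPN pool
]
STATIC_ROUTES = [("10.50.0.0/24", "10.10.10.254")]  # VPN pool via firewall


def route_table(interfaces, static_routes, oper_up):
    """Active routes: a connected route exists only while its interface
    is operationally up (its name is in oper_up)."""
    routes = [(ipaddress.ip_network(dst), STATIC_PREF, "static via " + nh)
              for dst, nh in static_routes]
    for name, addr in interfaces:
        if name in oper_up:
            net = ipaddress.ip_interface(addr).network
            routes.append((net, CONNECTED_PREF, "connected " + name))
    return routes


def lookup(dest, routes):
    """Longest prefix first, then the lowest priority value wins."""
    ip = ipaddress.ip_address(dest)
    matches = [r for r in routes if ip in r[0]]
    if not matches:
        return None
    return min(matches, key=lambda r: (-r[0].prefixlen, r[1]))[2]


def shadowing_interfaces(interfaces, static_routes):
    """Audit: configured interfaces, up or down, whose subnet overlaps a
    static route destination and would override it once they come up."""
    hits = []
    for name, addr in interfaces:
        net = ipaddress.ip_interface(addr).network
        for dst, _nh in static_routes:
            if net.overlaps(ipaddress.ip_network(dst)):
                hits.append((name, str(net), dst))
    return hits
```

Running `shadowing_interfaces` over the configured interfaces flags the dormant duplicate before a link-up event moves traffic off the static route.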