Securestack Cannot Ping One Remote Subnet Due to New Device connected on Directly Connected Subnet

Symptoms
  • Connecting a device to a subnet on the Securestack causes ping to fail from VPN clients connected to the upstream VPN concentrator
  • Disconnecting the device resolves the issue
  • Egressing the VLAN where the client was connected tagged out a port to bring up the interface, the issue does not return
  • Disabling the interface on the Securestack that has the same subnet as the incoming VLAN clients and then connecting the device resolves the issue
Environment
  • Securestack
  • Routing
Cause
A duplicate of the firewall's client subnet was configured on the Securestack as a DISABLED (shutdown) interface, and it was egressed on the port to which the device was connected.
Connecting the device caused the subnet to change to operationally up, and the Securestack started to forward all pings destined to the subnet out the directly connected VLAN instead of by the static route.
Resolution
Shut down the duplicate subnet interface and remove it from the config to avoid it happening again.
Additional notes
The interface that changed state has the same subnet as the VPN pool on the firewall. The directly connected route has a priority of zero and the static route has a priority of one, so the Securestack forwards the packet out the connected interface and does not use the static route pointing to the firewall.
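
The route selection described above can be modelled to audit a configuration for this kind of latent conflict. This is an added example, not vendor code: the interface names, addresses and the longest-prefix-then-priority lookup are assumptions for illustration, and only the priorities (connected 0, static 1) come from the article.

```python
import ipaddress

CONNECTED_PRIORITY = 0  # from the article: directly connected route
STATIC_PRIORITY = 1     # from the article: static route

# Constructed sample data (documentation/private ranges, not from the article).
STATICS = [("10.99.0.0/24", "192.0.2.1")]           # VPN pool via firewall
IFACES_BEFORE = [("vlan10", "192.0.2.2/24", True),   # link toward firewall
                 ("vlan20", "10.99.0.1/24", False)]  # duplicate subnet, down
IFACES_AFTER = [("vlan10", "192.0.2.2/24", True),
                ("vlan20", "10.99.0.1/24", True)]    # device plugged in

def build_rib(interfaces, statics):
    """Candidate routes: connected routes exist only while the interface is up."""
    rib = []
    for name, cidr, oper_up in interfaces:
        if oper_up:
            net = ipaddress.ip_interface(cidr).network
            rib.append((net, CONNECTED_PRIORITY, name))
    for cidr, next_hop in statics:
        rib.append((ipaddress.ip_network(cidr), STATIC_PRIORITY, next_hop))
    return rib

def lookup(rib, dst):
    """Longest prefix wins; equal prefixes are decided by lowest priority."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in rib if addr in r[0]]
    if not matches:
        return None
    return min(matches, key=lambda r: (-r[0].prefixlen, r[1]))[2]

def latent_conflicts(interfaces, statics):
    """Flag any interface, up or down, whose subnet overlaps a static route."""
    found = []
    for name, cidr, oper_up in interfaces:
        net = ipaddress.ip_interface(cidr).network
        for s_cidr, next_hop in statics:
            if net.overlaps(ipaddress.ip_network(s_cidr)):
                found.append((name, str(net), s_cidr, next_hop, oper_up))
    return found

if __name__ == "__main__":
    print("before:", lookup(build_rib(IFACES_BEFORE, STATICS), "10.99.0.50"))
    print("after: ", lookup(build_rib(IFACES_AFTER, STATICS), "10.99.0.50"))
    for c in latent_conflicts(IFACES_BEFORE, STATICS):
        print("conflict:", c)
```

The audit reports the duplicate subnet even while its interface is still down, which is the state in which the problem goes unnoticed until a device is connected.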
