Weird Network Connectivity problem

Posted on 2011-04-21
Medium Priority
Last Modified: 2012-05-11
Ok I doubt anyone has any kind of solution, but I guess I'll ask anyway.  I have this really weird issue where when certain users (and it's always the same ones) try to connect my unified messaging system (glorified Instant Messenger), they are unable to connect\ping the host.  If I ping the switch in front of the host then they can connect.

So there's a bit of network setup here to take into account as well.  The unified messaging system is part my my IP PBX.  The IP address they are connecting to is on a different subnet (my voice subnet).  So, users have IP's in the and are trying to access the host at  

On my phone side, I have an L3 switch that is routing between the two subnets over a VLAN with IP  This is the switch that if I ping it, I can get to the PBX at  On the data side my routing is done by my firewall - routes to

So for the short term I've setup a ping to the switch on my users log in scripts, but this is hardly a solution.  I hope to completely switch out my voice switches soon as they are aging pretty bad.

Any Suggestions?
Question by:JamesonJendreas

Expert Comment

ID: 35443197
On the non-working PCs -- if you add a static route

(route add /? for syntax)

> route ADD MASK METRIC 3 IF 2
         destination^      ^mask      ^gateway     metric^    ^

something like

route add mask (gateway) metrick 10 if (use route print to find interface #)

Does it have any impact -- I'd give that a shot.
LVL 22

Expert Comment

by:Matt V
ID: 35443854
So your L3 switch has an IP of on the VLAN interface?
And your subnet is

You cannot assign .130 if that is the subnet.

Or do you have a different subnet mask on the L3 switch?  If so, that could be your problem.
LVL 57

Accepted Solution

giltjr earned 2000 total points
ID: 35445674
Not sure where mattvmotas came up with a /28 subnet, with a mask of it should be a /20.

On one of the PC's having a problem can you post the output from the following command from before and after you do the ping:

     ipconfig /all
     netstat -rn

LVL 17

Expert Comment

ID: 35446695
It seem like a problem with ARP on you L3 switch. Perhaps you should have look at its arp table.

Your pc is sending the packet to the firewall, that will forward to the switch. Packets will arrive with source ip of pc but source mac of firewall, so the switch will put that in its arp table.

When the reply comes from the pbx, with destination ip of pc, the switch will forward to the firewall because of the content of the switch arp table.

Now, the firewall should forward to the pc, but possible there is no rule allowing forwarding from pbx ip to pc range.

You can either try to install such a rule on the firewall, or you can enter some static mac settings into the arp table of the switch - so that it does not return packets via the firewall.

A whole different but better design is to connect the firewall on third vlan on the switch. Both voice and data lans would have the L3 switch as their default gateway, and the switch would have a default gateway pointing to the firewall. Obviously it means that the two lans will not be directly connected to the firewall, so it needs statics routes sending those networks to the switch. Firewall rules and nat also need to be set for those subnets.
LVL 57

Expert Comment

ID: 35722297
Um, thanks for the points, but I did not post a solution.  I posted a request for more info.  

If my question led you to a solution could you describe what the solution was so it may help others?

Featured Post

Automating Your MSP Business

The road to profitability.
Delivering superior services is key to ensuring customer satisfaction and the consequent long-term relationships that enable MSPs to lock in predictable, recurring revenue. What's the best way to deliver superior service? One word: automation.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you’re involved with your company’s wide area network (WAN), you’ve probably heard about SD-WANs. They’re the “boy wonder” of networking, ostensibly allowing companies to replace expensive MPLS lines with low-cost Internet access. But, are they …
In this article, we’ll look at how to deploy ProxySQL.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…

840 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question