Wireless Networks Thread, Hp Procurve default gateway help in Technical; I urgently need some advice with default gateway settings on a HP Procurve 5406zl.
The switch currently looks after all ...
10th October 2008, 04:23 PM #1
Hp Procurve default gateway help
I urgently need some advice with default gateway settings on a HP Procurve 5406zl.
The switch currently looks after all the internal Vlans and is the router for these.
The vlans all have their own default gateway.
I have setup a VPN to a remote site which is all working with no problems (I can RDP onto my servers from the remote site), however I can't get from my server vlan over to the remote site and I'm pretty certain it's down to the routing.
Camera server - 10.0.0.13 255.240.0.0 has a default gateway of 10.0.0.76 (the HP switch mentioned above.
Our firewall is a watchguard and is on 10.0.0.1
If I run a tracert from the camera server over to the VPN I get nothing beyond the default gateway, suggesting to me that the switch doesn't know the route to the firewall?
Can anyone help please?
IDG Tech News
10th October 2008, 04:40 PM #2
Add on static routes (seems to come to my TFI Friday brain)
10th October 2008, 04:47 PM #3
I've just done:
ip route 22.214.171.124/24 10.0.0.1
on the switch, no success yet.
Does that look nearly right?
10th October 2008, 04:48 PM #4
ip route 0.0.0.0 0.0.0.0 10.0.0.1
Just be careful as it can affect existing routes. I changed it remotely once and spent 2 hours working out how to get back in with a chain of ssh sessions via servers that didn't require routing
10th October 2008, 04:49 PM #5
Does the firewall have a route back to the switches IP address too?
10th October 2008, 04:53 PM #6
Currently there is no route back to the 10.0.0.0 range setup on the firewall, but as the firewall is currently on the same range as the servers I'm guessing it won't need it?
I think I'll wait until monday to play with this, 8 years of experience tells me nothing apart from changing this sort of thing on a Friday afternoon is asking for trouble!
Do I need to undo the ip route change I just added before I go?
Thanks for your help guys!
10th October 2008, 05:01 PM #7
My route is back to the default gateway for the vlan that the firewall is on.
Client (10.0.200.1) -------(10.0.200.254) 5412 (10.0.7.254) via route (0.0.0.0 0.0.0.0 10.0.7.5) ------ (10.0.7.5) Firewall (10.20.x.x)---------Internet
Firewall has a static route for 10.0.0.0 255.255.0.0 as 10.0.7.254
10th October 2008, 05:16 PM #8
Does anyone know the command to view the current static routes?
13th October 2008, 10:20 AM #9
OK, I removed the static route
126.96.36.199 255.255.255.0 10.0.0.1 using 'no ip route'
ip route 0.0.0.0 0.0.0.0 10.0.0.1 as suggested.
I still can't get through to my vpn. Tracert still stops at 10.0.0.76 (IP of my main routing switch).
13th October 2008, 10:45 AM #10
Do all involved vlans have their own ip ranges and subnets?
What are the addresses, vlans and subnets involved?
13th October 2008, 10:53 AM #11
Yes the internal vlans follow the pattern:
192.168.1.x 255.255.255.0 192.168.1.254
192.168.2.x 255.255.255.0 192.168.2.254
192.168.3.x 255.255.255.0 192.168.3.254
We still have some nodes left on the default vlan due to not having managed switches everywhere - the switches and servers are still on the default VLAN also.
The default vlan is
10.0.x.x 255.240.0.0 10.0.0.76
The main switch that looks after the vlans and routes is 10.0.0.76
The watchguard firewall (10.0.0.1) takes care of the VPN tunneling. I know that the VPN is working as I can login from the other side of the tunnel with no problems.
The IP range the other side of the tunnel is:
13th October 2008, 11:22 AM #12
So you have a vpn running from the outside to the watchguard with the ip range of 172.10.0.x 255.255.255.0? What sort of vpn and is it a lan/lan vpn?
One thing you could try is setting the default gateway for a machine in the 10.0 range to the firewall, if this doesn't work when its on the same vlan/subnet without using the switch as the gateway then you can probably rule the switch out as the issue.
13th October 2008, 11:26 AM #13
I'm not sure how to answer your first question. The VPN is a Branch-Office VPN, I'm not sure whether that's a name specific to watchguard or whether it's a standard. I guess it's a lan-lan, connected via ADSL lines.
Is that what you meant?
Good idea about changing the default gateway, I'll give that a try on a machine now and get back to you.
Thanks again for all your advice.
13th October 2008, 01:43 PM #14
OK, I have changed the default gateway on the computer that will eventually be using the VPN to the firewall IP address.
Pings and trace routes still timeout but now I am getting an error message on the firewall log:
2008-10-13 12:03:00 Deny 10.0.0.13 188.8.131.52 icmp-Echo 1-Trusted unknown packet with TTL=0, firewall drop (internal policy) rc="104"
13th October 2008, 03:01 PM #15
Resolved the issue, there was a static route on the Watchguard firewall as follows:
184.108.40.206/24 - 10.0.0.1
Removing this route solved the problem. Thanks Watchguard for telling me to put that route there in the first place.
By darknova in forum Windows Server 2008
Last Post: 13th March 2008, 04:57 PM
By link470 in forum Wireless Networks
Last Post: 15th January 2008, 11:30 AM
By Lipjam in forum Network and Classroom Management
Last Post: 10th June 2007, 05:13 PM
By localzuk in forum Hardware
Last Post: 20th April 2007, 02:59 PM
By tickmike in forum Wireless Networks
Last Post: 17th September 2006, 04:44 PM
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)