
Procurve 2900 issue

ryan_183
Occasional Contributor

We have several VPN tunnels to clients so they can come into our network and hit our SQL clusters. Coming in works fine, but I can't ping/connect from our internal SQL servers over to the internal IP address of one of their internal boxes. Here's the setup:

192.168.100.7 <- client's internal box
public ip <- client's outside firewall interface
~~internets/vpn tunnel~~ (nat exempt)
public ip <- our outside asa 5510 interface
192.168.180.1 <- our inside asa interface
192.168.180.254 <- hp switch interface to asa
172.16.0.1 <- TDS interface to switch (most servers colo'd there)
172.16.20.220 <- our internal sql server

I can ping from our internal SQL server to the internal ASA interface just fine, but not over the tunnel to the client's internal box. I dropped a packet capture on the internal ASA interface and I get nothing pinging to the client's internal box, so I'm pretty sure it's not the ASA. There's no default gateway set on the HP since IP routing is enabled, which is normal from what I can tell. Here's a snippet of the HP:

ip config:

TDS_INTERNAL | Manual 172.16.0.1 255.255.0.0 No
EMC_MGMT | Manual 172.24.1.0 255.255.0.0 No
PROXY | Disabled
TO_OFFICE | Manual 192.168.130.1 255.255.255.0 No
TO_ASA_SOUTH | Manual 192.168.180.254 255.255.255.0 No

hp routing table:

0.0.0.0/0 192.168.180.1 180 static 1 1
127.0.0.0/8 reject static 0 0
127.0.0.1/32 lo0 connected 1 0
156.153.78.192/27 connected 1 0
172.16.0.0/16 TDS_INTERNAL 16 connected 1 0
172.24.0.0/16 EMC_MGMT 24 connected 1 0
192.168.10.0/24 192.168.130.254 130 static 1 1
192.168.130.0/24 TO_OFFICE 130 connected 1 0
192.168.180.0/24 TO_ASA_SOUTH 180 connected 1 0

which has the default route to the internal ASA interface.
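
Added example, not part of the original post: a longest-prefix-match lookup over the routing table exactly as posted, showing which entry the switch would select for the client's box (192.168.100.7) and for the SQL server (172.16.20.220). It assumes standard longest-prefix-match route selection and models only the table lookup, not ACLs, the ASA, or the VPN; the function names are hypothetical.

```python
import ipaddress

# Routing table as posted above: (destination, next hop or interface, type).
# The 156.153.78.192/27 row has no gateway/interface in the post, so it stays None.
ROUTES = [
    ("0.0.0.0/0", "192.168.180.1", "static"),
    ("127.0.0.0/8", "reject", "static"),
    ("127.0.0.1/32", "lo0", "connected"),
    ("156.153.78.192/27", None, "connected"),
    ("172.16.0.0/16", "TDS_INTERNAL", "connected"),
    ("172.24.0.0/16", "EMC_MGMT", "connected"),
    ("192.168.10.0/24", "192.168.130.254", "static"),
    ("192.168.130.0/24", "TO_OFFICE", "connected"),
    ("192.168.180.0/24", "TO_ASA_SOUTH", "connected"),
]


def lookup(dest):
    """Return (prefix, target, type) chosen for dest by longest-prefix match."""
    addr = ipaddress.ip_address(dest)
    best = None
    for prefix, target, rtype in ROUTES:
        net = ipaddress.ip_network(prefix)
        # Keep the matching route with the longest prefix seen so far.
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, target, rtype)
    if best is None:
        return None  # no match and no default route
    return (str(best[0]), best[1], best[2])


def path_check(src, dst):
    """Routes the switch would use toward dst (forward) and back toward src (return)."""
    return {"forward": lookup(dst), "return": lookup(src)}


if __name__ == "__main__":
    # SQL server -> client's internal box, addresses taken from the post.
    for direction, route in path_check("172.16.20.220", "192.168.100.7").items():
        print(direction, route)
```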