we have some strange routing-problems with our 5412zl (Firmware-Version 12.10):
the switch (ip 172.21.3.8) is the default gateway for all clients in the default-vlan is routing all the traffic between the vlans without any problems.
We defined a static route on the switch (0.0.0.0/0 172.21.3.9) to our firewall where all the internet- and some vpn-traffic would be routet externally. All this is working well except some URLS are not working as they should.
If you try to open for exaple the url "https://mall.automation.siemens.com" on any client you sometimes get the page and sometimes you don´t (and when you get the page you could only follow links for 30 to 60 seconds till the page isn´t working any more)
If you configure a client to use the firewall as default gateway this url´s work perfectly.
I´ve got the running-config attached and appreciate any suggestions.
Problem: switch VLAN interface and firewall interface are in the same subnet: 172.21.3.0/24 (I suppose)
Solution: -create new switch VLAN interface, assign 10.1.1.1/24 to it, assign 10.1.1.2/24 to the firewall interface -untagg the firewall port in this VLAN, -issue: ip route 0.0.0.0 0.0.0.0 10.1.1.2 in the switch -don't change the default gateway of the clients (leave it to 172.21.3.8)
i have just attached a simplified scheme of our network - maybe you could have a look on it (The HP 5412 and the 2650 are in different buildings in Town, connectet with Gigabit-Fibre).
Please note that problems occur on the clients from the 172.21.x.x and from the 192.168.105.x Subnet.
Does your answer mean i should create additional Vlans between 5412 and 2650 and between 2650 and "Firewall Company B" ?
Can you attach the configuration of the 5400 after removing any private info for the company.
One more thing, If the clients gateway was the firewall, and your are saying everything is working fine, then did you enable routing on the firewall in this case for other Vlans ?
Also, did you add another default route on both sides as a backup pointing to other side ?
When we give a client the Firewall as gateway it was for testing only - so no routing to other vlans was made. We have no backup-routes defined on both devices.
I just found out today, that when the 5412 got nothing to to (since nearly nobody is working) everything is working fine.
I've faced problem before with HTTPs with one of my clients and after invistigating i noticed that the HTTPs session timed out before any reply.
So it was a timing issue, and i noticed that my client configured a Local DNS server that was 5 to 6 HOPs away from the LAN, and when i changed to alternative DNS which was 1 HOP, things startd to work fine.
Also, you can;t imagine that some HTTPs sites like the HOTMAIL, YAHOO MAIL login pages were perfect but not the GMAIL.
I suggest you see where the packet is being delayed and timed out.
