Unable to ping specific IP across interfaces, can ping on same interface

[Shad0wguy]

As of yesterday we've been having an issue with our sonicwall at our main site. It is a TZ210. I discovered I can ping into and out of the problematic subnet. However, the IP that our phone system has I can't ping into or out of, yet it is on the same subnet as other devices I can reach.

Here's a better idea of whats happening.

Sonicwall

X0 LAN 192.168.5.0 Network - Computer LAN

X2 WLAN 192.168.105.0 Network - Computer WiFi

X3 LAN 192.168.205.0 Network - Phone LAN

Phone LAN

192.168.205.1 - Gateway

192.168.205.2 - IP Office

192.168.205.3 - Voicemail Pro server

192.168.205.100-230 - Phone DHCP

I have a computer on the computer LAN. I am able to ping the VM Pro server as well as other switches and devices on the 205 subnet except for .2. I remoted into the vmpro server and am able to ping and connect to devices on .5 and .105. I've also connected to the web interface of one of the switches on the 205 subnet and can ping to a server on .5 from there. However, I am unable to ping 205.2 from .5 or .105 but can ping it from the server on .205. In addition, when I run a ping from the .2 IP Office box to something on .5 or an internet address it fails.

I'm at a loss here. I could understand if the whole 205 subnet was inaccessible, but it is only a single IP, and that IP is not set up as an address object, so there aren't any firewall rules that could affect it directly.

Please help me get this figured out.

 

[Shad0wguy]

I'd also like to add log entries I see. When pinging I get the top entry, and connection attempts from our IP phones give the second error.

03/06/2015 09:18:56.192 Info Network Access ICMP packet from LAN allowed 192.168.5.59, 1, X0 (admin) 192.168.205.2, 8, X3 ICMP Echo, Code: 0
03/06/2015 09:07:50.128 Notice Network Access TCP handshake violation detected; TCP connection dropped 192.168.203.74, 37715, X1 192.168.205.2, 80, X3 Handshake Timeout

 

[joepc]

What is 192.168.205.2 using for a gateway? Is it the same as the other .205 devices?

 

[Shad0wguy]

The gateway was set to 192.168.205.1, same as the rest of the 205 network.
I ended up resolving this issue. Turned out it was a bad ARP entry. Somehow the 205.2 devices ARP entry got associated with the X0 interface with the rest of the 205 network on X3. Set the ARP statically and that fixed it.

 

[Shad0wguy]

Looks like other phones on the 205 network are getting X0 ARP entries now, which causes issues with one end of the call not hearing the other. What might cause this subnet to get ARP entries on an interface it isn't even connected to?

 

[joepc]

Yeah that's pretty odd... What firmware ver are you running on the Sonicwall. I would start with getting that up to date to start. I would power cycle it too.

 

[Shad0wguy]

Found out the problem. Someone plugged in the computer port on one of the phones into a wall jack for the lan network, basically bridging the two networks. Unplugged it and everything is working again.