Hey Community,
I've a strange problem in some environments.
I've set up an XGS 126 with a few APX 120 and APX 320.
The subnet where I face the errors is a WiFi network as a separate zone.
I have a host (192.168.253.22) which is connected via WiFi to an APX 120.
This host tries to connect to another host (192.168.253.202) which is connected via WiFi to another APX 120.
The packets are somehow dropped by my Drop All firewall rule at the end of my rules.
I've done a PCAP to trace the packets and can see that the traffic is incoming from a VXLAN interface and outgoing on another VXLAN interface.
If I am correct, this is because of the separate zone?!
I can also see that ICMP requests are answered (in the PCAP), but the host will never receive the answers...
I also tried to connect to 192.168.253.202 from a LAN and created a firewall rule and NAT, but these packets are also dropped.
Now the very strange thing: when I am connected via SSL VPN, I can reach all hosts.
I can also connect to 192.168.253.202 when my client is connected to the same Access Point as the host.
I've the same issue at another branch where we want to use AirPrint.
Printer and client are connected to the same WiFi, but AirPrint only works when printer and client are connected to the same access point.
Can anyone help and explain what is going on?
Is the routing from VXLAN to VXLAN not possible?
Thanks for your ideas and sorry for the bad English.
And from SSL VPN to the host (that is what works)