Recently we've changed our network routing, and now we're seeing some strange behavior. Inbound VPN connections can't connect to resources, and it looks like it's because return traffic is being routed incorrectly.
* Switch has some static IP routes:
  - 0.0.0.0 next hop 10.1.0.3 (Public internet)
  - 10.0.3.0/24 next hop 10.1.0.2 (WAN connection to VPN/firewall)
  - 10.10.10.0 (local)
* VPN client is connected on 10.0.3.3
* VPN client attempts to reach 10.10.10.10, but can't
* Tracert shows that outbound traffic from 10.10.10.x to 10.0.3.3 is being routed out 10.1.0.3 instead of 10.1.0.2
We've seen that 10.10.10.x clients on some ports will use the right route, while others use the wrong one. This problem has only appeared in the past few days, and the most recent static route changes were a couple of weeks ago. Rebooting the stack seems to take care of everything for a while, but then it creeps back in. I'm assuming it's something to do with the switch's routing algorithm, but I'm not sure if there's anything that can be done to fix it directly.
We're still running firmware v22.214.171.124, and I see that there are v3.x versions available. Is this a known issue that might be addressed by firmware, or should I be looking for a configuration problem? Suggestions?
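To make the expected behaviour concrete, here is a small longest-prefix-match check over the static routes listed in the post. This is an added example, not code from the post or from any switch vendor. It assumes the local network is 10.10.10.0/24 (the post gives no prefix length), treats the default route as 0.0.0.0/0, and models a route as a single next hop; it also reports when more than one equally specific route matches, since per-flow hashing across equal-cost routes is one mechanism that produces port-dependent paths, which is worth ruling out when reading the switch's live table.

```python
import ipaddress

# Static routes as listed in the post. The local 10.10.10.0 network has no
# prefix length in the post, so /24 is an assumption here.
ROUTES = [
    ("0.0.0.0/0", "10.1.0.3", "default (public internet)"),
    ("10.0.3.0/24", "10.1.0.2", "WAN connection to VPN/firewall"),
    ("10.10.10.0/24", None, "local (directly connected)"),
]


def build_table(routes):
    """Parse prefixes once; return a list of (network, next_hop, label)."""
    return [(ipaddress.ip_network(p), nh, label) for p, nh, label in routes]


def matching_routes(table, dst):
    """All routes containing dst whose prefix length equals the longest match."""
    addr = ipaddress.ip_address(dst)
    hits = [r for r in table if addr in r[0]]
    if not hits:
        return []
    longest = max(r[0].prefixlen for r in hits)
    return [r for r in hits if r[0].prefixlen == longest]


def lookup(table, dst):
    """Longest-prefix match: the most specific route containing dst wins.

    Returns (network, next_hop, label, ambiguous). next_hop is None for a
    directly connected network; ambiguous is True when several equally
    specific routes match, which a switch may resolve per flow.
    """
    hits = matching_routes(table, dst)
    if not hits:
        return None
    net, nh, label = hits[0]
    return net, nh, label, len(hits) > 1


def expected_next_hop(table, dst):
    """Next hop the static table says traffic to dst should take."""
    match = lookup(table, dst)
    return None if match is None else match[1]


def check_return_path(table, src, dst, observed_next_hop):
    """Compare the next hop a traceroute showed against what the table says."""
    match = lookup(table, dst)
    expected = None if match is None else match[1]
    return {
        "src": src,
        "dst": dst,
        "expected": expected,
        "observed": observed_next_hop,
        "ambiguous": bool(match and match[3]),
        "ok": expected == observed_next_hop,
    }


if __name__ == "__main__":
    table = build_table(ROUTES)
    # Constructed observation matching the post: the reply from 10.10.10.10
    # to the VPN client 10.0.3.3 left via 10.1.0.3 instead of 10.1.0.2.
    print(check_return_path(table, "10.10.10.10", "10.0.3.3", "10.1.0.3"))
```

Run against the post's table, the check reports `expected: 10.1.0.2`, `observed: 10.1.0.3`, `ambiguous: False`, `ok: False`: the configured routes are unambiguous, so a reply that leaves via the default next hop is not explained by the static table itself. Feeding the same function the routes actually shown by the switch's forwarding table (rather than the configured ones) is the quickest way to see whether the two have drifted apart.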