That's why I posted this - it goes over my head; I'm trained in PIX/ASA and LAN protocols - I'm not a CCNP yet ;-P

I admin the 150.176.4.138 hop - the 150.176.8.240 router is a connected VPN router that points somewhere else completely; why the trace would go there at all is a mystery, much less for a single address but no others...

Even from the 150.176.4.138 device (an L3 3750 with VLANs configured), traceroutes fail to that IP.

I already ruled out the target server as a cause by replacing it with a laptop and making a static NAT in the firewall to the global IP.

I've scheduled a reboot for both of those devices for tonight, to rule out 'wierd IOS error'. Other than that, I have no idea what this might be.

Marc

Kevin posted good though ..and Glen nailed it, and lessson learn at my end to look closer.. if this is the case that is a good catch by Glen, if you take a look at /28 and /29.

/28 hosts addresses

150.176.6.128 subnet address

150.176.6.129

150.176.6.130

150.176.6.131

150.176.6.132

150.176.6.133

150.176.6.134

150.176.6.135

150.176.6.136

150.176.6.137

150.176.6.138

150.176.6.139

150.176.6.140

150.176.6.141

150.176.6.142

150.176.6.143 Broadcast

/29 hosts addresses

150.176.6.128 Subnet address

150.176.6.129

150.176.6.130

150.176.6.131

150.176.6.132

150.176.6.133

150.176.6.134

150.176.6.135 broadcast

so as posted by Glen, you would have to take a look at if indeed you have one /28 and one /29 network somewhere or both to taylor your static route.. if you do have both networks going same destination then two staic routes will be needed one for /28 and /29.

Apologies to all - that mask was a typo; it used to be a /29 but was opened up to a /28 earlier this year.

A 'sh ip route from that 3750:

xxxxx3750#sh ip route

Codes: C - connect*snip*

Gateway of last resort is 150.176.4.137 to network 0.0.0.0

*** Private ranges removed ***

C 150.176.6.32/29 is directly connected, Vlan600

S 150.176.47.0/24 [1/0] via 10.10.245.132

C 150.176.6.60/30 is directly connected, Vlan7

S 150.176.6.0/28 [1/0] via 10.10.245.133

C 150.176.8.0/22 is directly connected, Vlan21

S 150.176.6.16/28 [1/0] via 10.10.245.131

S 150.176.6.64/26 [1/0] via 150.176.6.62

S 150.176.6.160/27 is directly connected, Null0

C 150.176.6.128/28 is directly connected, Vlan593

C 150.176.4.136/30 is directly connected, Vlan591

C 150.176.6.144/30 is directly connected, Vlan8

S 150.176.6.144/29 is directly connected, Null0

C 150.176.6.148/30 is directly connected, Vlan9

S* 0.0.0.0/0 [1/0] via 150.176.4.137

xxxxx3750#

The global route commands taken off of the 'show running-config':

ip route 150.176.6.0 255.255.255.240 10.10.245.133

ip route 150.176.6.16 255.255.255.240 10.10.245.131

ip route 150.176.6.64 255.255.255.192 150.176.6.62

ip route 150.176.6.128 255.255.255.240 Vlan21

ip route 150.176.6.144 255.255.255.248 Null0

ip route 150.176.6.160 255.255.255.224 Null0

ip route 150.176.47.0 255.255.255.0 10.10.245.132

A reboot of both this switch and the 150.176.8.240 router had no effect.

Marc

first what is 150.176.6.134 is it a switch router or PC?

can you post just show ip route 150.176.6.0 from 3570.

The problem has been fixed;

I got a solution from a contractor consultant that my Agency uses; he identified a proxy ARP statement in the 150.176.8.240 1700 VPN router for the affected IP address.

Apparently, the 1700 was responding first to ARP requests sent out by the 3750, since both of its interfaces connect to it (on different VLANs) and was thus was giving the 3750 an erroneous ARP entry for that IP; since the 3750 is the default route out of the 1700, a loop was being created.

I would've never found this on my own.

Thanks all for inquiring and trying to help me out.

Marc

Proxy arp respond if the 3750 is trying to reach a address outside the configure network.

Did you forget to change the netmask on the 1700 when you changed your network from a /29 to /28 ?

I don't manage the 1700 router, so I just went on what he told me; all I know is that whatever tweak they made in the configuration worked...

Marc