I have just had the unenviable task of re-IP-ing our office for our new lords and masters. To cut a long story (and a long half day of fault tracking) short, we had one server on the network that needed to stay where it was (IP-wise) for a while, so we ended up with a new 10.20.x.x network for everything else, including a Draytek 2800 for the VoIP system, and one Windows 2003 server and a Draytek 2930 still on 192.168.200.x.
Everything worked fine except that the Windows server started dropping packets and getting to it from the LAN, VPNs or a temporary WAN NAT forwarding for VNC proved very troublesome - connections would drop and we got 25%-100% packet loss PINGing the 2930 from the server. We could PING anything else still on 192.1682.x from the server but server->2930 was very iffy.
After ruling out a lot of stuff, we pulled all the patch cable connections except for the 2930 and the server and started adding things back one by one. Eventually we found that the problem was the 2800 router which was now on a 10.20.x.x address. With that router off the LAN, we could get to the server and it could get to the outside world via the 2930.
In the end, I just split the LAN so the 2800, VoiP server and phones are on a separate switch, but while having a look at things, I noticed that the NAT routing table on the 2800 (on IP 10.20.199.2) had multiple entries referring to both the windows server (192.168.200.20) and the 2930 (192.168.200.1) - in effect, it seemed like the 2800 was trying to NAT route on the LAN between 192.168.200.20 and 192.168.200.1, where I would have expected it to be oblivious to the devices not on the same network scheme as itself. Along the way I did power cycle the 2800 but the problem persisted. Another curious note was that the firewall's syslog on the 2930 was throwing out a continuous stream of ARP errors - so maybe the 2800 was trying to do ARP proxying (???)
I have not seen this behaviour before so can anyone shed any light on it?
Thanks
