Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
5006
Views
0
Helpful
2
Replies

ASA and Gratuitous ARP

metro.gmarsh
Level 1
Level 1

‎05-24-2007 06:49 AM - edited ‎03-11-2019 03:19 AM

I have run into an issue where redundant devices devices behind an ASA that are using it as a default GW are having problems at failover when there is a MAC change on a VIP. The cisco CSS utilizes gratuitous ARPs on failover, and until the arp cache is cleared on the ASA the services will not come up. Any ideas?

ASA 7.2

CSS 8.10

Labels:
0 Helpful
2 Replies 2

hoogen_82
Level 4
Level 4

‎05-24-2007 09:25 AM

Hmm.. can you try this command sysopt noproxyarp inside on y our ASA.

-Hoogen

0 Helpful

Kureli Sankar
Cisco Employee
Cisco Employee

‎11-29-2017 02:08 PM

Are you saying that the ASA doesn't process the grat arp from the CSS device? If that is the case please open a TAC case and work with an engineer. Gathering arp debugs and packet captures will help.

 

Another option is to reduce the arp timeout on the ASA.

-Kureli

 

 

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card