05-24-2007 06:49 AM - edited 03-11-2019 03:19 AM
I have run into an issue where redundant devices behind an ASA that are using it as a default GW are having problems at failover when there is a MAC change on a VIP. The Cisco CSS utilizes gratuitous ARPs on failover, and until the ARP cache is cleared on the ASA the services will not come up. Any ideas?
ASA 7.2
CSS 8.10
05-24-2007 09:25 AM
Hmm.. can you try this command sysopt noproxyarp inside on your ASA.
-Hoogen
11-29-2017 02:08 PM
Are you saying that the ASA doesn't process the grat arp from the CSS device? If that is the case please open a TAC case and work with an engineer. Gathering arp debugs and packet captures will help.
Another option is to reduce the arp timeout on the ASA.
-Kureli
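
For the packet-capture step suggested above, an added example (not written by any poster in this thread and not Cisco code): it scans raw Ethernet frames for a gratuitous ARP that announces a new MAC for an already-seen IP, which is what the capture should show at failover. The function names, the VIP and the MAC addresses are constructed for illustration.

```python
import struct

ETH_ARP = b"\x08\x06"  # EtherType for ARP


def parse_arp(frame):
    """Return (op, sender_mac, sender_ip, target_ip) for an Ethernet/IPv4 ARP frame, else None."""
    if len(frame) < 42 or frame[12:14] != ETH_ARP:
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    sha, spa, _tha, tpa = struct.unpack("!6s4s6s4s", frame[22:42])
    dotted = lambda b: ".".join(str(x) for x in b)
    return op, sha.hex(":"), dotted(spa), dotted(tpa)


def garp_mac_changes(frames):
    """List (ip, old_mac, new_mac) for each gratuitous ARP that moves a known IP to a new MAC."""
    seen, changes = {}, []
    for frame in frames:
        parsed = parse_arp(frame)
        if parsed is None:
            continue
        _op, mac, spa, tpa = parsed
        # Gratuitous ARP: sender IP equals target IP (seen as request or reply).
        if spa == tpa and spa in seen and seen[spa] != mac:
            changes.append((spa, seen[spa], mac))
        seen[spa] = mac
    return changes


def build_arp(op, sha, spa, tpa):
    """Build a broadcast Ethernet/ARP frame (helper for the constructed sample only)."""
    mac = lambda s: bytes.fromhex(s.replace(":", ""))
    ip = lambda s: bytes(int(x) for x in s.split("."))
    eth = mac("ff:ff:ff:ff:ff:ff") + mac(sha) + ETH_ARP
    return eth + struct.pack("!HHBBH", 1, 0x0800, 6, 4, op) + mac(sha) + ip(spa) + bytes(6) + ip(tpa)


# Constructed sample: the active unit answers for the VIP, an unrelated host sends
# a normal request, then the standby unit takes over and sends a gratuitous ARP.
SAMPLE = [
    build_arp(2, "00:00:5e:00:53:01", "192.0.2.10", "192.0.2.1"),
    build_arp(1, "00:00:5e:00:53:aa", "192.0.2.50", "192.0.2.1"),
    build_arp(1, "00:00:5e:00:53:02", "192.0.2.10", "192.0.2.10"),
]

if __name__ == "__main__":
    for ip_addr, old, new in garp_mac_changes(SAMPLE):
        print(f"{ip_addr}: {old} -> {new} announced by gratuitous ARP")
```

If the capture shows the change but the firewall's ARP table still holds the old MAC, that is the evidence to attach to the TAC case.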