ASA5510 Strange ARP/MAC-ADD issues inside network -URGENT PLEASE

Unanswered Question
Jul 4th, 2008

Hi,


We installed an ASA firewall to replace the PIX firewall at a customer site.


When we did this, the customer ran a ping from a server on the inside network (let's say 192.168.1.1) to another server on the inside network (let's say 192.168.1.2). Both servers' gateway is the new ASA firewall. We get dropped packets, and when we look at arp -a on the 192.168.1.1 server it shows that the MAC address of 192.168.1.2 is that of the ASA firewall's inside interface.


This is weird. This occurs again if we run a ping from a different server to another different server. Again it shows the server we are pinging as the MAC address of the ASA firewall in the ARP cache. We get the first reply and then dropped pings.


This is strange, as the pings are local and should not actually hit the firewall, so has anyone seen this before?

I could understand if the two servers were on different interfaces on the firewall, but they are not. If you disconnect the ASA firewall then everything works and you can ping. There is no clash of IP addresses as well.


Any ideas or suggestions would be very much welcome.


Cheers

Chris


ray_stone Fri, 07/04/2008 - 00:21

Hi, try to use the following command, then try...


clear xlate


Ray

cmelbourne Fri, 07/04/2008 - 00:25

Ray,


We tried that as well and still the same.

If we do a show arp on the ASA firewall, it displays the correct MAC address for those servers.


The customer is back on the old PIX firewall now and does not have any issues.



Any more ideas?



a.alekseev Fri, 07/04/2008 - 00:54

Show the configuration.


To disable proxy ARP you can use

"sysopt noproxyarp inside"

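Added example, not part of the original thread: a Python check for the symptom described above, where a host's ARP cache maps other inside addresses to the firewall's inside MAC (the behaviour proxy ARP produces). The gateway address 192.168.1.254, the MAC values and the function names are assumptions constructed for illustration.

```python
import ipaddress
import re

# Matches Windows rows ("192.168.1.2   00-1a-2b-3c-4d-5e   dynamic") and
# Linux/BSD rows ("? (192.168.1.2) at 00:1a:2b:3c:4d:5e [ether] on eth0").
ROW = re.compile(r"\(?(\d{1,3}(?:\.\d{1,3}){3})\)?\s+(?:at\s+)?"
                 r"((?:[0-9A-Fa-f]{2}[:-]){5}[0-9A-Fa-f]{2})")

def parse_arp(text):
    """Return {ip: mac} from `arp -a` output, MACs in lower-case colon form."""
    table = {}
    for line in text.splitlines():
        m = ROW.search(line)
        if m:
            table[m.group(1)] = m.group(2).lower().replace("-", ":")
    return table

def proxied_hosts(table, gateway_ip, network):
    """On-subnet IPs, other than the gateway, that resolve to the gateway's MAC."""
    net = ipaddress.ip_network(network)
    gw_mac = table.get(gateway_ip)
    if gw_mac is None:          # gateway not in cache: nothing to compare against
        return []
    hits = [ip for ip, mac in table.items()
            if ip != gateway_ip and mac == gw_mac
            and ipaddress.ip_address(ip) in net]
    return sorted(hits, key=ipaddress.ip_address)

# Constructed sample: `arp -a` as it might look on 192.168.1.1 during the fault.
# 192.168.1.254 (assumed firewall inside address) and all MACs are made up.
SAMPLE = """\
Interface: 192.168.1.1 --- 0x2
  Internet Address      Physical Address      Type
  192.168.1.2           00-1a-2b-00-00-fe     dynamic
  192.168.1.3           00-1a-2b-00-00-03     dynamic
  192.168.1.254         00-1a-2b-00-00-fe     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
"""

if __name__ == "__main__":
    for ip in proxied_hosts(parse_arp(SAMPLE), "192.168.1.254", "192.168.1.0/24"):
        print(f"{ip} resolves to the gateway's MAC: proxy ARP or spoofing suspected")
```

A non-empty result on a host means some device is answering ARP on behalf of its local neighbours; compare against show arp on the firewall, which in this thread listed the correct MAC addresses.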