ASA5510 Strange ARP/MAC-ADD issues inside network -URGENT PLEASE

Jul 4th, 2008

Hi,

We installed an ASA firewall to replace the PIX firewall at a customer site.

When we did this, the customer ran a ping from a server on the inside network (let's say 192.168.1.1) to another server on the inside network (let's say 192.168.1.2). Both servers' gateway is the new ASA firewall. We get dropped packets, and when we look at arp -a on the 192.168.1.1 server it shows that the MAC address of 192.168.1.2 is that of the ASA firewall's inside interface.

This is weird. This occurs again if we run a ping from a different server to another different server. Again it shows the server we are pinging as the MAC address of the ASA firewall in the ARP cache. We get the first reply and then dropped pings.

This is strange, as the pings are local and should not actually hit the firewall, so has anyone seen this before?

I could understand if the two servers were on different interfaces on the firewall, but they are not. If you disconnect the ASA firewall then everything works and you can ping. There is no clash of IP addresses as well.

Any ideas or suggestions would be very much welcome.

cheers

chris

cmelbourne Fri, 07/04/2008 - 00:25

Ray,

We tried that as well and still the same.

If we do a show arp in the ASA firewall it displays the correct MAC address for those servers.

The customer is back on the old PIX firewall now and does not have any issues.

Any more ideas?

a.alekseev Fri, 07/04/2008 - 00:54

Show the configuration.

To disable proxy ARP you can use

"sysopt noproxyarp inside"
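Added example, not part of the original thread: a Python check for the symptom described in the first post, where same-subnet peers appear in a host's `arp -a` cache with the gateway's MAC address, which is what proxy ARP answering for local hosts looks like. The gateway address 192.168.1.254, the MAC addresses and the sample output are constructed for illustration; the function names are hypothetical.

```python
import ipaddress
import re

IP_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")
MAC_RE = re.compile(r"\b([0-9A-Fa-f]{2}(?:[:-][0-9A-Fa-f]{2}){5})\b")

# Constructed sample: `arp -a` as it might look on server 192.168.1.1
# while the firewall (assumed to be 192.168.1.254) answers for local peers.
SAMPLE_ARP = """\
Interface: 192.168.1.1 --- 0x2
  Internet Address      Physical Address      Type
  192.168.1.2           00-1e-7a-00-00-01     dynamic
  192.168.1.3           00-1e-7a-00-00-01     dynamic
  192.168.1.10          00-0c-29-aa-bb-cc     dynamic
  192.168.1.254         00-1e-7a-00-00-01     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
"""


def parse_arp(text):
    """Return {ip: mac} from `arp -a` output (Windows or Unix layout)."""
    table = {}
    for line in text.splitlines():
        ip, mac = IP_RE.search(line), MAC_RE.search(line)
        if not (ip and mac):
            continue  # header or interface line
        try:
            ipaddress.ip_address(ip.group(1))
        except ValueError:
            continue  # looked like an address but is not one
        # Normalise 00-1E-7A-... and 00:1e:7a:... to one form.
        table[ip.group(1)] = mac.group(1).lower().replace("-", ":")
    return table


def proxy_arp_suspects(text, gateway_ip, subnet):
    """List same-subnet IPs cached with the gateway's MAC address."""
    table = parse_arp(text)
    gw_mac = table.get(gateway_ip)
    if gw_mac is None:
        raise ValueError(f"gateway {gateway_ip} not in ARP cache")
    net = ipaddress.ip_network(subnet)
    hits = [ip for ip, mac in table.items()
            if mac == gw_mac and ip != gateway_ip
            and ipaddress.ip_address(ip) in net]
    return sorted(hits, key=ipaddress.ip_address)


if __name__ == "__main__":
    for ip in proxy_arp_suspects(SAMPLE_ARP, "192.168.1.254", "192.168.1.0/24"):
        print(f"{ip} resolves to the gateway MAC (possible proxy ARP)")
```

An empty result after the change suggested above, with the host's ARP cache cleared first, indicates the firewall is no longer answering ARP for local peers.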
