can ARP on 2960 block connections?

Unanswered Question

production:

internet<->cisco 2960<->production firewall<->LAN

the 2960 is plugged to both Verizon main and backup and the firewall's WAN interface

I've added a 4th connection, ASA 5505 WAN interface to get this test environment:

internet<->2960<->ASA<->test machine

ASA used a real IP that hasn't been used on production. all my tests in\out worked

moving to the next step on testing I've unplugged my production firewall from the 2960 switch & LAN. I've also connected ASA to the same LAN CORE switch using same subnet IP.

going out all my connections are working (coming from the real production LAN)

coming in is the problem. nothing came in (talking about connections initiated by internet users). same connections (same static\access-list commands) worked on test, the only difference was the outside IP (my test machine had real LAN IP and used the same ports as in production)

is it possible that ARP database on the 2960 blocked my inbound connections?

any other ideas?

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Danilo Dy Fri, 08/01/2008 - 08:22

any arp problem (dynamic) will expire after 4 hours - these problem are present in WinNT4/2K, old PIX, old CheckPoint, variance of UNIX. unless it is configured statically.

Actions

This Discussion