Pls refer to the attached diag. We have attempted to do this 3 times now to no avail and I'm hoping someone has seen similar. We put the ASA's into prod and remove the Pixes. All our our external websites and vpn tunnels are accessible after clearing arp on the switches (clear arp-cache). However, we have a monitoring server that does checks against our publicly addressed websites using wget, and it fails every time after the upgrade. In fact, we are unable to access any of our external websites from servers housed within the data center behind the external switches, and not even do a wget to the websites from a Solaris box that is connected directly to the external switches. We can however hit our external websites from anywhere other than machines housed behind our external switches/fw's. And to complicate matters, we are able to access any external websites from the same machines (the ones behind our external switches) such as sun.com, cisco.com other than the websites we host. It's only an issue hitting websites that we host, therefore killing our monitoring capabilities.
We can restore the monitoring server's functionality by failing back to the original Pixes. However, around 3 - 4 hours later, the same exact problem occurs, only to clear itself up after another 4 hours. Then the monitoring server is able to monitor our external websites without the issue manifesting itself. I have heard that the arp timeout on the switches is 4 hours and am trying to make a tie in to this but can't figure out how to do so. Please remember that 3 - 4 hours after putting the pixes back into service, the issue clears up only to remanifest itself, this time with the pixes, but will then clear up on its own around 3 - 4 hours later
Thanks for any assistance!