Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
379
Views
0
Helpful
5
Replies

PIX interface affects local VLAN traffic

Go to solution
s.srivas
Level 1
Level 1

‎03-03-2009 02:23 AM - edited ‎03-11-2019 07:59 AM

Hi,

I have a problem, in that servers on vlan 111 are intermitent in communicating them selve.

This vlan 111 is trunked with vlan 100 to pix gB-ethr3. Th server gateways are the vlan111 on the pix. (v100 physical, v111 logical, only one switch 4948 is connecting to the two failover pix GB-ether3.

Why is the local communication intermittent.

Note: The server team thinks that the pix trying to do ARP for evrything. What to look for to reason this.

Thanks in advance.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
vikram_anumukonda
Level 3
Level 3
In response to s.srivas

‎03-03-2009 07:47 AM

disabling proxyarp just on the inside interface should do the job for you ( sysopt noproxyarp inside - stops PIX answering for the ARP requests coming from the inside interface ), as that's the network where you have got intermittent connectivity.

but it's worth trying , if the issue persists.

View solution in original post

0 Helpful
5 Replies 5

Go to solution
vikram_anumukonda
Level 3
Level 3

‎03-03-2009 03:03 AM

what version of code are you running ?

pasting your code might help .

0 Helpful

Go to solution
s.srivas
Level 1
Level 1
In response to vikram_anumukonda

‎03-03-2009 06:24 AM

Hi Vikram,

Thank you.

PIX Version 6.3 is used.

and I stopped the proxy-arp function on the pix interface and it looks like it is working.

0 Helpful

Go to solution
vikram_anumukonda
Level 3
Level 3
In response to s.srivas

‎03-03-2009 07:12 AM

that's what i was guessing too.

I think you will have to disable the proxy-arp thing - If I am not wrong.

"The fix is to turn off proxy-arp for this interface. "sysopt noproxyarp inside" stops PIX answering for the ARP requests coming from the inside interface "

I read this in a book

appreciate you replying to the thread :)

0 Helpful

Go to solution
s.srivas
Level 1
Level 1
In response to vikram_anumukonda

‎03-03-2009 07:34 AM

Thanks for that.

When i fied the inside by stopping proxy arp, suddenly the outside interface is trying to assist with it's proxy arp.

I'm planning to stop proxy-arp on the ouside. i do not know if this will affect any other interfaces as there is a lot of other interfaces on this pix.

Should i go for no-proxing on the outside/

0 Helpful

Go to solution
vikram_anumukonda
Level 3
Level 3
In response to s.srivas

‎03-03-2009 07:47 AM

disabling proxyarp just on the inside interface should do the job for you ( sysopt noproxyarp inside - stops PIX answering for the ARP requests coming from the inside interface ), as that's the network where you have got intermittent connectivity.

but it's worth trying , if the issue persists.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card