I had a problem today with ARP caching on a Cisco router when I replaced my Cisco ASA firewall with a new piece of hardware (complete with new MAC addresses, of course!).
Upon replacement I kept identical config and IP addresses etc. However, when I came to set up the static NAT entries (using proxy ARP as usual) I was unable to connect to our default gateway Cisco router from some of the static NAT IPs.
No reponse came back from the router at all.
I presume that for some reason the router was still caching the old ARP entries for the static NAT IP and MAC addresses.
I know the Cisco ARP default timeout is 4 hours, but I would have thought there would be some mechanism where the router re-ARPs or refreshes?
I have no control over the router in question so I could not clear the ARP cache and just had to wait.
Is this behaviour normal? If so, is there any way to "force" re-ARPing when you do not have router access?
Configure the static NAT IPs on the ASA interface one by one. The firewall will send gratuitous ARPs to the router, updating its ARP table with the new MAC. Finally, configure the firewall interface with the correct IP and put the statics back in. Of course, all this only if you can afford the downtime.