02-21-2010 11:57 AM - edited 03-11-2019 10:12 AM
I'm trying to work out this issue...
source, switchA = 192.168.0.4
FW1 = 192.168.0.1
FW1_Transit = 192.168.4.1
FW2_Transit = 192.168.4.7
FW1_VLAN = 192.168.12.0 /25
destination, SwitchB = 192.168.12.10
I set up a capture to watch the traffic and see it all the way onto the destination VLAN (192.168.12.0/25).
However, I don't see the traffic coming back on this VLAN interface.
I set up a policy NAT as follows:
access-list PNAT-3612 extended permit ip any 192.168.12.0 255.255.255.128
global (TD_3Tier_HQ_App_NLB) 1 interface
nat (TD_3Tier_Web_2_App) 1 access-list PNAT-3612 outside
which appears to cause the traffic to come back on that interface, BUT, I don't see it hit the ACL, and the log output shows the following error:
Received ARP response collision from 192.168.12.10/8843.e17f.9041 on interface TD_3Tier_HQ_App_NLB (this being the name of the vlan interface)
Is this implying a duplicate IP somewhere?
Thanks in advance.
Bruce
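The "Received ARP response collision" message quoted above is the ASA reporting that an ARP reply for an IP it already has cached arrived from a different MAC, which is exactly the footprint of a duplicate address. The following is an added example (not part of the thread or any Cisco tool) that parses such lines out of a syslog export and lists, per interface and IP, every MAC that has claimed that IP; the log lines are constructed for the example and assume the standard %ASA-4-405001 message prefix in front of the text quoted in the post.

```python
import re
from collections import defaultdict

# Constructed sample syslog export. The first line is unrelated noise that the
# parser must ignore; the second copies the message quoted in the post; the rest
# are constructed variations (a second claimant for the same IP, and a request
# collision on another interface) so grouping can be demonstrated.
SAMPLE_LOG = """\
%ASA-6-302013: Built inbound TCP connection 4711 for TD_3Tier_Web_2_App:192.168.0.4/41000 (192.168.0.4/41000) to TD_3Tier_HQ_App_NLB:192.168.12.10/22 (192.168.12.10/22)
%ASA-4-405001: Received ARP response collision from 192.168.12.10/8843.e17f.9041 on interface TD_3Tier_HQ_App_NLB
%ASA-4-405001: Received ARP response collision from 192.168.12.10/0000.0c07.ac01 on interface TD_3Tier_HQ_App_NLB
%ASA-4-405001: Received ARP request collision from 192.168.4.7/0011.2233.4455 on interface outside
"""

# Matches the message body; the MAC is in Cisco dotted-triple notation as in the post.
ARP_COLLISION_RE = re.compile(
    r"Received ARP (?P<kind>request|response) collision from "
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3})/(?P<mac>[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4}) "
    r"on interface (?P<iface>\S+)",
    re.IGNORECASE,
)


def parse_arp_collisions(log_text):
    """Return one dict per ARP collision line; all other syslog lines are skipped."""
    events = []
    for line in log_text.splitlines():
        m = ARP_COLLISION_RE.search(line)
        if m:
            d = m.groupdict()
            d["mac"] = d["mac"].lower()
            events.append(d)
    return events


def find_duplicate_ips(events):
    """Group collision events by (interface, IP) and list the MACs that claimed each IP.

    Any entry at all means the ASA's cached MAC for that IP disagreed with an ARP
    reply/request it saw, i.e. at least two devices answer for the address. Two or
    more MACs in the list identify both claimants directly from the logs.
    """
    claimants = defaultdict(set)
    for e in events:
        claimants[(e["iface"], e["ip"])].add(e["mac"])
    return {key: sorted(macs) for key, macs in claimants.items()}


if __name__ == "__main__":
    for (iface, ip), macs in find_duplicate_ips(parse_arp_collisions(SAMPLE_LOG)).items():
        print(f"{iface}: {ip} claimed by {len(macs)} MAC(s): {', '.join(macs)}")
```

Once the duplicate is removed, the same parser run over a fresh export should return an empty dict for that interface/IP pair; if it does not, the second device is still answering.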
02-21-2010 11:59 AM
ooops....Sorry folks...
As I typed all that out, it got me to thinking...possibly I do have a duplicate...checked another switch, and there it was...duplicate IP...
bruce
02-21-2010 12:01 PM
Well,
that got rid of the duplicate IP and error, but I'm still not seeing the traffic hitting that return interface...
Thought the P NAT would take care of that...
bruce
02-21-2010 01:43 PM
Bruce,
If the response traffic isn't coming back you need to check the following.
1. Capture on the destination host and make sure it is responding, and make sure it is sending the response to the correct MAC address.
2. Make sure the destination host has a route to get back to the source host network. If you need to check its default gateway, you need to make sure that GW has a route back to the source network.
-KS
02-21-2010 03:46 PM
KS,
1. It's not actually a host. It is an SVI on an access switch. My capture, however, doesn't show return traffic.
2. Another problem has cropped up... I can no longer see the traffic making it through the firewall... I'll have to figure that out before I can move forward...
Bruce Summers
DHS OCIO
Network Engineering
bruce.summers@associates.dhs.gov
bb: 202-503-7628
desk: 228-813-4838