Yes I can confirm that there are no static arps configured. 

sho run arp: no results returned 

We don't NAT to any of the addresses that are showing up in the ARP table, they are addresses that are completely foreignto the networks that we access on our known networks. 

Whats more troubling is the fact they are showing up on my inside interface. 

Hello,

So they are showing up on the inside and also managment interface? Right?

Hello, In our setup the management interface is also the inside interface. We do not dedicate an interface to management only.

Hello,

Hmmm, is the ASA the only path to get in or get out of your network?

Regards,

Julio

Hello,

Yes that is correct.

Thanks,

Sabin

Hello,

If I were in your place I would start inmediatly to investigate what is going on in here because looks like there are devices on the internal network that do not belong to your company, if you have their ip addresses I would definitly shun them

Regards,

Let me know what you find out!

Hello Richard,

We had reverse route injection selected on our L2L cryptomap rule.  It really was not needed so I disabled it.  However I still am getting some of the addresses popping up.  I did a lookup on them and most are coming back as the following..

Reverse lookup for addresses below: .deploy.akamaitechnologies.com

23.1.217.83  whois = Domain Name: AKAMAITECHNOLOGIES.COM

65.197.244.80  whois = Domain Name: AKAMAITECHNOLOGIES.COM

65.197.244.82  whois = Domain Name: AKAMAITECHNOLOGIES.COM

72.246.225.83  whois = AKAMAITECHNOLOGIES.COM

Apparently this AKAMAITECHNOLOGIES.COM provide deployment services and bandwidth for companies such as Microsoft and many more.

No results

206.160.105.254  whois = Sprint.com

204.95.60.12  whois = Sprint.com

112.80.48.236 whois = Something in China...Blocked this network at firewall.

Reverse lookup for addresses below:  dns-redir-lb-02.tampabay.rr.com

65.32.5.112

65.32.5.111

A little more background on our setup.  We have a very small network with no more than 80 connected devices.  All devices have been accounted for. 

We have a L2L VPN tunnel to our client (did have Reverse route injection enable/now disabled as not needed).  Here we use a dynamic policy NAT to NAT our internal hosts to an address space (Provided by ISP) usable in our clients network.  The nat is configured so packets destined for client network on VPN tunnel get hit a pool of addresses and the source IP is then translated.

We are also using PAT, which is used for packets not destined for the vpn tunnel (like the web). 

What is most puzzling, is if I turn off the PAT and delete the dynamic policy nat, then recreate a new dynamic nat with any any to the pool of addresses, these strange addresses do not show up in ARP table.