ASA failover and HSRP gw

Unanswered Question
Nov 27th, 2006
User Badges:
  • Silver, 250 points or more

Hello All,


I have two ASA5520 (with 7.2 software) in statful failover over LAN. And these firewalls are connected to my border routers, on border routers HSRP operates and provides virtual address - HSRPprovide the next hop for outside static route. My problem is that I receive the next syslog message:

%ASA-4-405001: Received ARP response collision from "ASA outside IP"/0000.0c07.ac00 on interface outside


And after this message the Active ASA fail and secondary become active.


Please send me some info how to solve this issue.


Thanks in advance

FCS

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
zubairjalal Mon, 11/27/2006 - 03:14
User Badges:
  • Bronze, 100 points or more

If you have uploaded the complete error message, it seems that there is an IP conflict. The device with the mac address 0000.0c07.ac00 must be having an IP which is already present on the firewall.


You will have to check the mac address 0000.0c07.ac00 . By checking i mean, you will have to trace this mac address. You can check your L2 switch for its mac address table. See from which port it is learning this mac address. If it is a cisco switch check by


show mac-address-table


Pls let me know if 0000.0c07.ac00 belongs to the ASA itself.Then it has to be some other issue.



regards

Zubair


--Pls rate if it helps--

farkascsgy Mon, 11/27/2006 - 03:16
User Badges:
  • Silver, 250 points or more

Zubair,


0000.0c07.ac00 is HSRP virtual mac address as I know.


bye

FCS

farkascsgy Mon, 11/27/2006 - 04:18
User Badges:
  • Silver, 250 points or more

Thanks again Zubar...

But this bugs are different what I expect. My standby asa can take over the resources, when this arp issue is appear. And the mac address is coming from my border routers (they are HSRP pair).


Thanks,


FCS

Actions

This Discussion