We installed an ASA firewall to replace the PIX firewall at a customer site.
When we did this, the customer ran a ping from a server on the inside network (let's say 192.168.1.1) to another server on the inside network (let's say 192.168.1.2). Both servers' gateway is the new ASA firewall. We get dropped packets, and when we look at arp -a on the 192.168.1.1 server it shows that the MAC address of 192.168.1.2 is that of the ASA firewall's inside interface.
This is weird. This occurs again if we run a ping from a different server to another different server. Again it shows the server we are pinging as the MAC address of the ASA firewall in the ARP cache. We get the first reply and then dropped pings.
This is strange, as the pings are local and should not actually hit the firewall. Has anyone seen this before?
I could understand if the two servers were on different interfaces on the firewall, but they are not. If you disconnect the ASA firewall then everything works and you can ping. There is no clash of IP addresses either.
Any ideas or suggestions would be very much welcome.