Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Cisco Nexus 1000V - DMZ - ARP

Hi there,

Thanks for reading.

I have a VM (VM1) connected to a Nexus 1000V distributed switch. The 1000V has a connection to our DMZ (physically, an interface on our Cisco ASA 5520) which has 3 other VMs that are successfully serving up in the DMZ. The problem is that a SHOW ARP run on the ASA shows the other VM's MAC addresses but not VM1.

The vSphere properties for all VMs (including VM1) participating in the DMZ are the same:

  • Network label
  • VLAN ID
  • Port Group
  • State - Link Up
  • DirectPath I/O - Inactive "Direct Path I/O has been explicitly disabled for this port"

The one major difference between VM1 and the others is they are multihomed and have a foot in our private network space. I think the absence of a private IP on VM1 is not the source of the problem. All the VMs recognized as directly connected to the ASA (except VM1).

Have you ever seen this kind of thing before?

Thanks again for reading!

Bob

1 REPLY
New Member

Cisco Nexus 1000V - DMZ - ARP

FYI: we solved this problem on the VM side.  We removed the network object with VMWare and recreated it.  Once that delete-recreate was complete, I saw the VM1 mac in the firewall.

257
Views
0
Helpful
1
Replies
CreatePlease login to create content