ok , gratuitous ARP behavior post migration could cause issues then , as we have around 300 - 400 virtual servers behind this ASA context , so flushing ARP on all these boxes may not be possible ; do we have any other recommendations , as our ASA5585X will be running on 9.0.1 code.
Well you probably have the option to configure the old FWSMs interface MAC address to the ASAs corresponding interface manually, this way there will be no change in the ARP from the perspective of the server/host.
I guess depending on if you have a single firewall or failover firewall the command is a bit different as you define either 1 or 2 MAC addresses.
I think this was the command to modify the MAC address
Thanks Jouni, however we are planning to migrate some 20 contexts with 6 - 8 subinterfaces in each of them ; is their any other way to tweak this gratuitous ARP problem , without having to flush the ARP cache on hosts or replicating mac address from FWSM to ASA.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...