I have a failover pair that is running in transparent mode. The problem that we are experiencing is that the upstream router (connected to the outside interfaces) is selecting the MAC of the inside interface. This causes communication, as we use SSH to monitor the health of the standby unit by ssh'ing into it.
Not sure how the router is getting the MAC address of the inside.
How is your router connected to the PIX outside interface? I.e., can you double-check that it is connected to the switchport that has been assigned the same VLAN as the PIX outside interface? If you "clear arp" on the router, does it dynamically learn the inside MAC address of the PIX? Are you connecting the PIX inside and outside interfaces to the same switch? Can you also confirm if there is no SVI configured at all for the PIX inside VLAN?