Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4319
Views
0
Helpful
4
Replies

sh arp does not show mac address of IP --- ASA

Go to solution
mahesh18
Level 6
Level 6

‎06-30-2014 12:28 PM - edited ‎03-11-2019 09:24 PM

 

Hi Everyone,

 

I can ping the IP from the ASA but when i do sh arp it does not show me mac address od that IP.

Need to know the reason behind this.

Regards

MAhesh

Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎06-30-2014 01:23 PM

Is the host reachable via a gateway (router)?

If so, the gateway's MAC address will show up in your arp table as the arp table is generally limited to connected broadcast domains (which equate to VLANs - generally associated with subnets).

View solution in original post

0 Helpful

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to mahesh18

‎06-30-2014 08:28 PM

So your ASA should have a route on the inside interface to internal networks. The address of that next hop in the routing table is the one you should have in your arp table allowing you to reach non-directly-connected (subnet-wise) hosts within the scope of that route statement.

Think through the logic - ASA pings a host. It needs to determine proper egress interface. It checks and asks "Is it reachable via a directly connected interface (most preferred route)?" Answer no. "Do I have a route statement telling me how to get to it?" Answer yes (otherwise use default). OK - so ASA sends packet out egress interface defined in that route statement to the next hop as defined in route statement and waits for reply.

View solution in original post

0 Helpful
4 Replies 4

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎06-30-2014 01:23 PM

Is the host reachable via a gateway (router)?

If so, the gateway's MAC address will show up in your arp table as the arp table is generally limited to connected broadcast domains (which equate to VLANs - generally associated with subnets).

0 Helpful

Go to solution
mahesh18
Level 6
Level 6
In response to Marvin Rhoads

‎06-30-2014 03:42 PM

 

Hi Marvin,

 

As per NEtwork setup the host is reachable via Switch.

Host gateway is  SVI vlan defined in switch.

When i ping host IP from ASA which mac address i should see?

SVI mac address of switch?

i checked i do not see mac address of svi vlan of switch.

Regards

MAhesh

0 Helpful

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to mahesh18

‎06-30-2014 08:28 PM

So your ASA should have a route on the inside interface to internal networks. The address of that next hop in the routing table is the one you should have in your arp table allowing you to reach non-directly-connected (subnet-wise) hosts within the scope of that route statement.

Think through the logic - ASA pings a host. It needs to determine proper egress interface. It checks and asks "Is it reachable via a directly connected interface (most preferred route)?" Answer no. "Do I have a route statement telling me how to get to it?" Answer yes (otherwise use default). OK - so ASA sends packet out egress interface defined in that route statement to the next hop as defined in route statement and waits for reply.

0 Helpful

Go to solution
mahesh18
Level 6
Level 6
In response to Marvin Rhoads

‎06-30-2014 09:11 PM

 

Thanks Marvin i got it.

Regards

Mahesh

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card