Traffic from within the same subnet hitting my GW firewall - HELP!
I have a cisco 5505 HA pair connected to the 10.1.0.0/16 subnet
The LAN IP is 10.1.1.5 and the standby is 10.1.1.254.
I am looking at the logging and can see traffic going from 10.1.0.0/24 addresses to OTHER 10.1.0.0/24 addresses.
If I tick the "Enable traffic between two or more hosts connected to the same interface" and click apply, the logs seem to be allowing the traffic. However I have no idea why the traffic should be TOUCHING the firewall.
Surely the switches in the middle (Cisco 3750 switches) would forward ARP requests and so forth and learn that the destination MAC addresses for the devices on the same network (even though they are not aware of L3) are not out the port that leads to the firewall.
This is the second time I have installed an HA pair at a site and find traffic between devices on the same network hitting the firewall.
Is there some bizarre quirk where an ASA will reply to ARP requests or something?
I have checked all PCs and they are on the correct subnet with the correct subnet masks.
Please help. This is driving me insane and goes against everything I understand about networking.
Re: Traffic from within the same subnet hitting my GW firewall -
ASA proxy ARP is only triggered for NAT global addresses and VPN client addresses. Check your config to see which one is misdirecting your traffic. It is a common mistake to forget no-proxy-arp on identity NAT statements.
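As an added illustration of the point in the reply above (this is not configuration from the original poster or from Cisco documentation), here is the kind of identity NAT statement that makes an ASA answer ARP for hosts on its own inside subnet, beside the corrected form. The object names, the 10.1.0.0/16 LAN and the VPN pool are assumptions for the example; the LAN prefix matches the thread, the rest is constructed.

```cisco
! --- Objects (names are constructed for this example) ---
object network LAN-10.1.0.0
 subnet 10.1.0.0 255.255.0.0
object network VPN-POOL
 subnet 192.0.2.0 255.255.255.0

! --- Weak setting: identity NAT with "any,any" and proxy ARP left on ---
! Because the mapped interface set includes "inside", the ASA will reply
! to ARP requests for 10.1.x.x addresses on the inside interface. Switches
! then learn the firewall's MAC for those hosts and same-subnet traffic is
! pulled to the firewall, which is what the syslog in the thread shows.
nat (any,any) source static LAN-10.1.0.0 LAN-10.1.0.0 destination static VPN-POOL VPN-POOL

! --- Corrected setting: same exemption, proxy ARP disabled ---
! no-proxy-arp stops the ASA answering ARP for the mapped (identity)
! addresses; route-lookup makes egress interface selection use the routing
! table rather than the NAT rule, which is the usual pairing for identity NAT.
no nat (any,any) source static LAN-10.1.0.0 LAN-10.1.0.0 destination static VPN-POOL VPN-POOL
nat (inside,outside) source static LAN-10.1.0.0 LAN-10.1.0.0 destination static VPN-POOL VPN-POOL no-proxy-arp route-lookup

! --- Checks ---
! 1. List every NAT rule and confirm each identity rule shows no-proxy-arp:
!      show running-config nat
!      show nat detail
! 2. On a LAN PC, clear its ARP cache and ping a peer on the same subnet;
!    the peer's entry must resolve to the peer's own MAC, not the MAC the
!    PC has for the firewall's inside interface (10.1.1.5 in the thread).
! 3. After the change the "same security traffic permit intra-interface"
!    setting ticked in the ASDM checkbox is no longer what makes LAN-to-LAN
!    traffic work, so it can be reviewed on its own merits.
```

The checks matter more than the rule itself: if the ARP cache on a PC still points a peer address at the firewall's MAC after the change, some other NAT rule (or a VPN pool overlapping the LAN) is still triggering proxy ARP and `show nat detail` is where to look next.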