Hi, I am running HSRP on my internal lan with the inside ethernet interface of my firewall on the same lan and plugged into the switch. There are 2 cisco routers - all wan links are terminated on Cisco1 and isdn is terminated on Cisco2. The active default gateway is pointed towards Cisco1 and the arp cache on the PIX has this virtual ip address and mac address in its cache. If we lose this router, Cisco2 takes over and isdn is raised. However, the arp cache on the firewall gets stuck and we have to refresh the arp cache manually even though in theory, the virtual mac address and ip address does this change. Does anyone know why we have to refresh the arp cache?
Hi, there is a bug (CSCdv39306) that seems to document a problem similar to the one described by you. However, the documented problem talks about a total loss of the default route's ARP entry. If by saying "arp cache on the firewall gets stuck" you mean losing the cache entry totally, you should probably see this bug. The workaround seems to be to configure a static mapping to the virtual MAC using the arp command with the alias option. To configure the same, please see http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_61/cmd_ref/a.htm#xtocid7