Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
New Member

ARP problem with PIX 515

Here is our current layout.

MSR 8540 - CAT5000 - PIX 525 - CAT2950 - HOSTS

I have replaced the PIX 525 from the picture with a PIX 515 with exactly the same config. After I have repalced the firewall, everything went fine except some internal hosts cant ping each other. All the hosts are accessible from the outside. But when I try to ping from one of the internal host to another internal host it times out. After A close look at the ARP entry of the host where I am trying to ping from, I found that it has the same MAC address for the internal interface of the PIX as the MAC address of the host that I am trying to ping. If I put a static arp entry it works. But ofcourse as soon as I reboot the host, I cant ping and it has the same entry in the ARP cache.

I tried clearing the ARP entry in the PIX 515, but still dont work.

Any suggestions?

Here is a copy of the ARP entries:

Interface: on Interface 2

Internet Address Physical Address Type 00-50-54-ff-5e-5f dynamic 00-50-54-ff-5e-5f dynamic 00-50-54-ff-5e-5f dynamic is the address of the internal interface of the pix.


Re: ARP problem with PIX 515

Try disable proxy arp on the inside interface,

[no] sysopt noproxyarp

I had a similar problem, this resolved it.

New Member

Re: ARP problem with PIX 515

Hello: thanks for your reply. That did the trick. THanks so much again.

CreatePlease to create content