Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

ARP problem with PIX 515

Here is our current layout.

MSR 8540 - CAT5000 - PIX 525 - CAT2950 - HOSTS

I have replaced the PIX 525 from the picture with a PIX 515 with exactly the same config. After I have repalced the firewall, everything went fine except some internal hosts cant ping each other. All the hosts are accessible from the outside. But when I try to ping from one of the internal host to another internal host it times out. After A close look at the ARP entry of the host where I am trying to ping from, I found that it has the same MAC address for the internal interface of the PIX as the MAC address of the host that I am trying to ping. If I put a static arp entry it works. But ofcourse as soon as I reboot the host, I cant ping and it has the same entry in the ARP cache.

I tried clearing the ARP entry in the PIX 515, but still dont work.

Any suggestions?

Here is a copy of the ARP entries:

Interface: 192.168.3.9 on Interface 2

Internet Address Physical Address Type

192.168.3.1 00-50-54-ff-5e-5f dynamic

192.168.3.10 00-50-54-ff-5e-5f dynamic

192.168.3.26 00-50-54-ff-5e-5f dynamic

192.168.3.1 is the address of the internal interface of the pix.

2 REPLIES
Silver

Re: ARP problem with PIX 515

Try disable proxy arp on the inside interface,

[no] sysopt noproxyarp

I had a similar problem, this resolved it.

New Member

Re: ARP problem with PIX 515

Hello: thanks for your reply. That did the trick. THanks so much again.

160
Views
0
Helpful
2
Replies
CreatePlease to create content