Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
261
Views
0
Helpful
3
Replies

PIX 515E ARP Issue

shakeelahmadch
Level 1
Level 1

‎10-25-2006 06:17 AM - edited ‎02-21-2020 01:15 AM

Guys, i am in a bit of trouble here, following is the scenario:

Two PIX-515-UR are working in fail over mode. When Secondary PIX is reloaded/crashed (boot up) and Primary PIX is active, we suddenly loss the connecitivity to our outside interface for almost around 20 seconds. The error we can recieved on syslog is this:

Warning %PIX-4-405001: Received ARP request collision from 19x.xx.xx.1/00e0.b602.xxxx on interface outside

Error is generated by Primary (Active) firewall and then every thing goes down for a time. 00e0.b602.xxxx is the mac-address on the outside interface on Primary (Active) firewall. Although FAILOVER is done by Serial (so can detect a power up active firewall) and STATE communication is done via a SWITCH rather than a CROSS CABLE.

Outside Interface (19x.xx.xx.1) on both PIX goes into a Core switch 4507 - i am unable to trace this issue. Can someone help me. Firewall OS is 7.0(4)

Regards,

Shakeel Ahmad

0 Helpful
3 Replies 3

vmoopeung
Level 5
Level 5

‎10-31-2006 07:34 AM

It looks like two device in your network which has got the same IP address (duplicate ip address), check your configuration.

Error Message %PIX-4-405001: Received ARP {request | response} collision from

IP_address/mac_address on interface interface_name

Explanation The firewall received an ARP packet, and the MAC address in the packet differs from the ARP cache entry.

Recommended Action This traffic might be legitimate, or it might indicate that an ARP poisoning attack is in progress. Check the source MAC address to determine where the packets are coming from and check to see if it belongs to a valid host.

0 Helpful

wharrison2000
Level 1
Level 1

‎10-31-2006 04:02 PM

Just some thoughts. If you trying to bring back up a secondary, make sure the config so your secondary is blank. Second, make sure the your firewalls are the same. Same IOS, same ASDM, same interface, and same license 3des/AES. Incompatiablity between boxes will cause the secondary to reboot before sync if finish

HTH

Bill

0 Helpful

shakeelahmadch
Level 1
Level 1
In response to wharrison2000

‎10-31-2006 11:37 PM

The device who attempts to take the IP Address is the secondary PIX (Don't know why it do this)

Both PIX are same , same hardware - same OS, same config.

thanks,Shakeel

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card