New Member

PIX 515E ARP Issue

Guys, I am in a bit of trouble here. The following is the scenario:

Two PIX-515-UR are working in failover mode. When the Secondary PIX is reloaded/crashed (boot up) and the Primary PIX is active, we suddenly lose connectivity to our outside interface for around 20 seconds. The error we receive on syslog is this:

Warning %PIX-4-405001: Received ARP request collision from 19x.xx.xx.1/00e0.b602.xxxx on interface outside

The error is generated by the Primary (Active) firewall and then everything goes down for a time. 00e0.b602.xxxx is the MAC address on the outside interface of the Primary (Active) firewall. Although FAILOVER is done by Serial (so can detect a power up active firewall) and STATE communication is done via a SWITCH rather than a CROSS CABLE.

The Outside Interface (19x.xx.xx.1) on both PIX goes into a Core switch 4507 - I am unable to trace this issue. Can someone help me? Firewall OS is 7.0(4)

Regards,

Shakeel Ahmad

3 REPLIES
Bronze

Re: PIX 515E ARP Issue

It looks like two devices in your network have the same IP address (duplicate IP address); check your configuration.

Error Message %PIX-4-405001: Received ARP {request | response} collision from IP_address/mac_address on interface interface_name

Explanation The firewall received an ARP packet, and the MAC address in the packet differs from the ARP cache entry.

Recommended Action This traffic might be legitimate, or it might indicate that an ARP poisoning attack is in progress. Check the source MAC address to determine where the packets are coming from and check to see if it belongs to a valid host.
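
As an added example (not part of the original reply, and not Cisco code): a short Python triage of 405001 messages that follows the recommended action above by checking whether each colliding MAC belongs to a known device. The log lines, the MAC addresses and the `known_macs` inventory are constructed assumptions.

```python
import re
from collections import defaultdict

# Message layout taken from the %PIX-4-405001 description quoted above.
PATTERN = re.compile(
    r"%PIX-4-405001: Received ARP (?P<kind>request|response) collision from "
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3})/"
    r"(?P<mac>[0-9a-fA-F]{4}\.[0-9a-fA-F]{4}\.[0-9a-fA-F]{4}) "
    r"on interface (?P<ifname>\S+)"
)

def parse_collisions(lines):
    """Yield (kind, ip, mac, interface) for every 405001 message found."""
    for line in lines:
        m = PATTERN.search(line)
        if m:
            yield m["kind"], m["ip"], m["mac"].lower(), m["ifname"]

def triage(lines, known_macs):
    """Count collisions per (ip, interface, mac) and label each claiming MAC.

    known_macs: MACs that legitimately own the address, e.g. both units of a
    failover pair (hypothetical inventory supplied by the operator).
    """
    known = {m.lower() for m in known_macs}
    counts = defaultdict(lambda: defaultdict(int))
    for _kind, ip, mac, ifname in parse_collisions(lines):
        counts[(ip, ifname)][mac] += 1
    findings = []
    for (ip, ifname), macs in sorted(counts.items()):
        for mac, count in sorted(macs.items()):
            verdict = "known-device" if mac in known else "unknown-device"
            findings.append((ip, ifname, mac, count, verdict))
    return findings

# Constructed sample lines (documentation address range, made-up MACs).
SAMPLE_LOG = [
    "Mar 01 10:00:01 fw1 %PIX-4-405001: Received ARP request collision from 192.0.2.1/0200.5e00.0001 on interface outside",
    "Mar 01 10:00:02 fw1 %PIX-4-405001: Received ARP request collision from 192.0.2.1/0200.5e00.0001 on interface outside",
    "Mar 01 10:05:40 fw1 %PIX-4-405001: Received ARP response collision from 192.0.2.1/0200.5e00.00ff on interface outside",
    "Mar 01 10:06:00 fw1 unrelated message without an ARP collision",
]
KNOWN_MACS = {"0200.5e00.0001", "0200.5e00.0002"}  # assumed failover pair

if __name__ == "__main__":
    for row in triage(SAMPLE_LOG, KNOWN_MACS):
        print(*row)
```

A `known-device` verdict points toward a duplicate address or failover configuration problem between the listed units, while an `unknown-device` verdict is the case to trace on the switch as a possible ARP poisoning source.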

New Member

Re: PIX 515E ARP Issue

Just some thoughts. If you are trying to bring a secondary back up, make sure the config on your secondary is blank. Second, make sure your firewalls are the same: same IOS, same ASDM, same interface, and same license (3DES/AES). Incompatibility between boxes will cause the secondary to reboot before sync is finished.

HTH

Bill

New Member

Re: PIX 515E ARP Issue

The device that attempts to take the IP address is the secondary PIX (don't know why it does this).

Both PIX are the same: same hardware, same OS, same config.

Thanks, Shakeel
