I have PIX inside (eth1) connected through vlan 200 via 6500 switch to Avaya P550. Vlan 200 is terminated at P550 with IP 200.1. Pix is configured to allow ICMP echo and echo-replies.
All devices that are part of VLAN 200 on 6500 can access (ping) P550 200.1. All devices also can ping PIX inside (eth1). However, pix cannot ping 200.1 It never gets ARP-REply back from P550, but all devices on the same VLAN do. In addition, when I swap inside and outside interface and configure outside (ethernet0) to use 200.x and be a part of VLAN 200, IT WORKS. No problems whatsoever.
And only difference is in the last digit of the MAC on the PIX.
I flushed the avaya table, check for any static ARPs, and I get nothing. When outside is connected to VLAN 200, I can't see its Arp entry in the avaya arp cashe. However, when inside int (Eth1) is connected to Vlan 200, I can't see its ARP in the Avaya's ARP table,and never get any ARP-REplies back.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...