I'm having trouble with a pix 525 implementation that is replacing a pix 515. A DMZ segment has 2 routers that each have a frame pvc to about 100 remote routers (redundant links into 2 core routers for the 100 remote sites). As I bring this new pix online, everything appears to work perfectly for 3-4 hours the the DMZ access just falls away and a device in another DMZ starts reporting that is sees dup IPs sourcing from the pix. TAC believes that the dup-IP issue is a proxyarp issue and I'm wondering if the same thing is causing the breakdown in the router DMZ - ie- as the 2 routers expire arps and issue arps for each other, the Pix is answering and the routers cache a wrong entry causing the breakdown. I checked here and on google newsgroups and I'm seeing some scary info regarding the 'no sysopt proxyarp' command... I'm looking for comments from anyone that has encountered anything like this or some input that may help me a bit...

here's what is scaring me:

http://groups.google.com/groups?q=pix+noproxyarp&hl=en&lr=&ie=UTF-8&oe=UTF-8&selm=slrnagstd0.pau.caSPAMruAWAYso%40paradiso.umuc.edu&rnum=1

http://groups.google.com/groups?q=pix+noproxyarp&hl=en&lr=&ie=UTF-8&oe=UTF-8&selm=slrnah4mms.95q.caSPAMruAWAYso%40paradiso.umuc.edu&rnum=2