I'm having trouble with a pix 525 implementation that is replacing a pix 515. A DMZ segment has 2 routers that each have a frame pvc to about 100 remote routers (redundant links into 2 core routers for the 100 remote sites). As I bring this new pix online, everything appears to work perfectly for 3-4 hours the the DMZ access just falls away and a device in another DMZ starts reporting that is sees dup IPs sourcing from the pix. TAC believes that the dup-IP issue is a proxyarp issue and I'm wondering if the same thing is causing the breakdown in the router DMZ - ie- as the 2 routers expire arps and issue arps for each other, the Pix is answering and the routers cache a wrong entry causing the breakdown. I checked here and on google newsgroups and I'm seeing some scary info regarding the 'no sysopt proxyarp' command... I'm looking for comments from anyone that has encountered anything like this or some input that may help me a bit...
Are you using 'alias' command on pix, if so, you need to disable proxyarp for that interface as part of the alias implemetation starts proxy arping for that IPs, therefore, you need to disable proxyarp in conjunction with alias command.
CSCdu74759 (Alias command for DNS fixup requires disabling proxy arp)
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...