When there is a change in the MAC address of a host (let's say I had to change the NIC), the PIX maintains the "old" MAC in the ARP table. To resolve the issue I must clear the old MAC from the ARP table, even if the host sends a gratuitous ARP.
Is that the correct behavior?
Is it possible to configure the PIX so it will accept gratuitous ARP?
AFAIK the PIX/ASA only sends gratuitous ARPs. This is defined as a security feature in the release notes. There is no mention of what it does with the gratuitous ARPs received, but I think your experience speaks for itself. Based on the hyperdiligence of the PIX sending the gratuitous ARPs in order to maintain ARP table integrity on adjacent devices, I suppose we could infer that this also is a "feature".