Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
316
Views
0
Helpful
2
Replies

PIX transparent mode and ARP

edgar.reinke
Level 1
Level 1

‎09-12-2006 05:44 AM - edited ‎02-21-2020 01:10 AM

When PIX forwards an ARP Request in transparent mode, it inserts its own (!) mac address as source in the ethernet header. So it is not really transparent. E.G.:

Original ARP Request:

ETH Source: PC

ETH Destination: Router

ARP Sender HW: PC IP: PC

ARP Receiver HW: ? IP: Router

ARP Request after travelling through transparent PIX:

ETH Source: PIX (!!!)

ETH Destination: Router

ARP Sender HW: PC IP: PC

ARP Receiver HW: ? IP: Router

The problem is, that some end devices do not answer such an arp packet. And that is the trouble we run into ...

Any helping hand?

Thanks in advance

Edgar

0 Helpful
2 Replies 2

andrew.goss
Level 1
Level 1

‎09-12-2006 07:28 AM

I can't think of a reason why a server/PC would not respond to that particular frame, to all intents and purposes it doesn't care what the mac address is of the ETH Source.

I've been using PIX's in transparent mode for over a year now, and haven't experienced any problems like that. However I have routers on both inside and outside interfaces...

Andy.

0 Helpful

edgar.reinke
Level 1
Level 1
In response to andrew.goss

‎09-12-2006 11:02 AM

Thanks for your reply. Normally the router should not care about the MAC source in the ethernet header. Nevertheless, it is not a normal behavior to have a different source than in the corresponding ARP request field.

I have changed pix os from 7.2 to 7.0(6) and now everything is fine: PIX do not change the source address any longer.

Edgar

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card