https://community.cisco.com/t5/network-security/pix-515e-arp-problem/m-p/710224#M1035626 <P>Hi!</P><P></P><P>I have a PIX ?arp problem? that is somewhat strange. In a network used solely for Internet access there are three PIX firewalls, one 506e and two 515e failover pairs, total five boxes. All use PIX OS 6.3(5) and the only other unit in this network is the ISP router. </P><P></P><P>The network is connected using two C3750 stacks separated by a fiber (different locations). The 506e and one pair of 515e is located on one side/switch, and one 515e pair and the ISP router is located on the other side.</P><P></P><P>Sometimes the 515e on the same side/switch that 506e cannot reach the 506e. Ping doesn?t work and VPN is down etc. Connections from the other side/Internet to 506e still works indicating that the 506e is OK. Normally, the connection is working again after about four hours (arp timeout). If I clear the arp cache manually in the ?failing? 515e it works immediately.</P><P></P><P>I thought that a static arp entry would solve the problem but it didn?t. Any ideas?</P><P></P><P>Ping output?</P><P></P><P>PIX ON THE SAME SIDE:</P><P>fwgbg001# ping x.x.x.x</P><P> x.x.x.x NO response received -- 1000ms</P><P> x.x.x.x NO response received -- 1000ms</P><P> x.x.x.x NO response received -- 1000ms</P><P>fwgbg001#</P><P></P><P>PIX ON THE OTHER SIDE:</P><P>fw01# ping x.x.x.x</P><P> x.x.x.x response received -- 0ms</P><P> x.x.x.x response received -- 0ms</P><P> x.x.x.x response received -- 0ms</P><P></P><P>fwgbg001# clear arp</P><P>fwgbg001# ping x.x.x.x</P><P> x.x.x.x response received -- 0ms</P><P> x.x.x.x response received -- 0ms</P><P> x.x.x.x response received -- 0ms</P><P>fwgbg001#</P><P></P><P>fw01# ping x.x.x.x</P><P> x.x.x.x response received -- 0ms</P><P> x.x.x.x response received -- 0ms</P><P> x.x.x.x response received -- 0ms</P><P>fw01#</P><P></P><P></P> Mon, 11 Mar 2019 09:09:07 GMT afredriksson 2019-03-11T09:09:07Z https://community.cisco.com/t5/network-security/pix-515e-arp-problem/m-p/710224#M1035626 <P>Hi!</P><P></P><P>I have a PIX ?arp problem? that is somewhat strange. In a network used solely for Internet access there are three PIX firewalls, one 506e and two 515e failover pairs, total five boxes. All use PIX OS 6.3(5) and the only other unit in this network is the ISP router. </P><P></P><P>The network is connected using two C3750 stacks separated by a fiber (different locations). The 506e and one pair of 515e is located on one side/switch, and one 515e pair and the ISP router is located on the other side.</P><P></P><P>Sometimes the 515e on the same side/switch that 506e cannot reach the 506e. Ping doesn?t work and VPN is down etc. Connections from the other side/Internet to 506e still works indicating that the 506e is OK. Normally, the connection is working again after about four hours (arp timeout). If I clear the arp cache manually in the ?failing? 515e it works immediately.</P><P></P><P>I thought that a static arp entry would solve the problem but it didn?t. Any ideas?</P><P></P><P>Ping output?</P><P></P><P>PIX ON THE SAME SIDE:</P><P>fwgbg001# ping x.x.x.x</P><P> x.x.x.x NO response received -- 1000ms</P><P> x.x.x.x NO response received -- 1000ms</P><P> x.x.x.x NO response received -- 1000ms</P><P>fwgbg001#</P><P></P><P>PIX ON THE OTHER SIDE:</P><P>fw01# ping x.x.x.x</P><P> x.x.x.x response received -- 0ms</P><P> x.x.x.x response received -- 0ms</P><P> x.x.x.x response received -- 0ms</P><P></P><P>fwgbg001# clear arp</P><P>fwgbg001# ping x.x.x.x</P><P> x.x.x.x response received -- 0ms</P><P> x.x.x.x response received -- 0ms</P><P> x.x.x.x response received -- 0ms</P><P>fwgbg001#</P><P></P><P>fw01# ping x.x.x.x</P><P> x.x.x.x response received -- 0ms</P><P> x.x.x.x response received -- 0ms</P><P> x.x.x.x response received -- 0ms</P><P>fw01#</P><P></P><P></P> Mon, 11 Mar 2019 09:09:07 GMT https://community.cisco.com/t5/network-security/pix-515e-arp-problem/m-p/710224#M1035626 afredriksson 2019-03-11T09:09:07Z https://community.cisco.com/t5/network-security/pix-515e-arp-problem/m-p/710225#M1035644 <HTML><HEAD></HEAD><BODY><P>I ran into a similiar problem and sysopt noproxyarp fixed it. </P><P></P><P>More info <A class="jive-link-custom" href="http://cisco.com/en/US/products/sw/secursw/ps2120/products_command_reference_chapter09186a00801cd841.html#wp1026942" target="_blank">http://cisco.com/en/US/products/sw/secursw/ps2120/products_command_reference_chapter09186a00801cd841.html#wp1026942</A></P></BODY></HTML> Fri, 15 Dec 2006 17:11:25 GMT https://community.cisco.com/t5/network-security/pix-515e-arp-problem/m-p/710225#M1035644 Collin Clark 2006-12-15T17:11:25Z