https://community.cisco.com/t5/network-security/fswm-problem-large-arp-table/m-p/1881695#M437906 <P>Hi.</P><P></P><P>I'm expreiencing a problem in the FWSM on the company. The virtual context stops doing NATs suddenly and the servers behind it get no access to anything.</P><P></P><P>The firewall has several static policy nats with port forwarding configured on the Inside interface, and we have figured out that the ARP table becomes really large and it's crating an entry for each host in the outside, that's a lot of hosts.</P><P></P><P>Example NAT:</P><P>access-list Lilian-Inside_nat_static_4 extended permit tcp host 192.168.5.118 eq www any</P><P>static (Lilian-Inside,Lilian-Outside) tcp LISIM-WAN 8080 access-list Lilian-Inside_nat_static_4</P><P></P><P>ARP TABLE:</P><P></P><P>Lilian-Outside 173.193.106.10 0024.c4c0.b980 </P><P> Lilian-Outside 66.77.186.30 0024.c4c0.b980 </P><P> Lilian-Outside 201.245.171.190 0024.c4c0.b980 </P><P> Lilian-Outside 190.66.208.211 0024.c4c0.b980 </P><P> Lilian-Outside 105.136.70.251 0024.c4c0.b980 </P><P></P><P>... and the list continues up to 450 hosts in this moment.</P><P></P><P>Don't know the reason why the FW creates the Arp entries this way.</P><P></P><P>Please help and thank you in advanc</P> Mon, 11 Mar 2019 22:59:58 GMT diego.israel 2019-03-11T22:59:58Z https://community.cisco.com/t5/network-security/fswm-problem-large-arp-table/m-p/1881695#M437906 <P>Hi.</P><P></P><P>I'm expreiencing a problem in the FWSM on the company. The virtual context stops doing NATs suddenly and the servers behind it get no access to anything.</P><P></P><P>The firewall has several static policy nats with port forwarding configured on the Inside interface, and we have figured out that the ARP table becomes really large and it's crating an entry for each host in the outside, that's a lot of hosts.</P><P></P><P>Example NAT:</P><P>access-list Lilian-Inside_nat_static_4 extended permit tcp host 192.168.5.118 eq www any</P><P>static (Lilian-Inside,Lilian-Outside) tcp LISIM-WAN 8080 access-list Lilian-Inside_nat_static_4</P><P></P><P>ARP TABLE:</P><P></P><P>Lilian-Outside 173.193.106.10 0024.c4c0.b980 </P><P> Lilian-Outside 66.77.186.30 0024.c4c0.b980 </P><P> Lilian-Outside 201.245.171.190 0024.c4c0.b980 </P><P> Lilian-Outside 190.66.208.211 0024.c4c0.b980 </P><P> Lilian-Outside 105.136.70.251 0024.c4c0.b980 </P><P></P><P>... and the list continues up to 450 hosts in this moment.</P><P></P><P>Don't know the reason why the FW creates the Arp entries this way.</P><P></P><P>Please help and thank you in advanc</P> Mon, 11 Mar 2019 22:59:58 GMT https://community.cisco.com/t5/network-security/fswm-problem-large-arp-table/m-p/1881695#M437906 diego.israel 2019-03-11T22:59:58Z https://community.cisco.com/t5/network-security/fswm-problem-large-arp-table/m-p/1881696#M437910 <HTML><HEAD></HEAD><BODY><P>Sorry, I mistyped the title, it should be FWSM</P></BODY></HTML> Mon, 30 Apr 2012 19:31:58 GMT https://community.cisco.com/t5/network-security/fswm-problem-large-arp-table/m-p/1881696#M437910 diego.israel 2012-04-30T19:31:58Z https://community.cisco.com/t5/network-security/fswm-problem-large-arp-table/m-p/1881697#M437911 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>Well seems each ARP entry has the same MAC address. Also the MAC address belongs a Cisco device.</P><P></P><P>Does the MAC addres belong to some interface on the FWSM?</P><P></P><P>I guess the amount of ARP entries is due to some NAT configuration.</P><P></P><P>Do you only have one public IP address at your disposal? Are all public NAT configurations using the same IP address?</P><P></P><P>Is there some specific reason that you havent done the above NAT configuration for example in the following way</P><P></P><P><STRONG>static (Lilian-Inside,Lilian-Outside) tcp LISIM-WAN 8080 192.168.5.118 80 netmask 255.255.255.255</STRONG></P><P></P><P>- Jouni</P></BODY></HTML> Tue, 01 May 2012 16:08:30 GMT https://community.cisco.com/t5/network-security/fswm-problem-large-arp-table/m-p/1881697#M437911 Jouni Forss 2012-05-01T16:08:30Z https://community.cisco.com/t5/network-security/fswm-problem-large-arp-table/m-p/1881698#M437912 <HTML><HEAD></HEAD><BODY><P>Hi, </P><P></P><P>The mac 0024.c4c0.b980 belongs to a 7600 cisco router, the topology is like this:</P><P></P><P>Servers---FW---7609----INTERNET</P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; |</P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Connection to office</P><P></P><P>There are 2 IPs availables, and both of them are used with port forwarding.</P><P></P><P>The nats are created that way by the ASDM.</P><P></P><P>We have realized that this context uses most of the CPU of the entire FWSM, so we limited the number of xlates alowed in order to avoid affecting performance on other contexts, but the problems with our customer continues.</P><P></P><P>Regards</P></BODY></HTML> Wed, 02 May 2012 14:20:38 GMT https://community.cisco.com/t5/network-security/fswm-problem-large-arp-table/m-p/1881698#M437912 diego.israel 2012-05-02T14:20:38Z https://community.cisco.com/t5/network-security/fswm-problem-large-arp-table/m-p/1881699#M437913 <HTML><HEAD></HEAD><BODY><P>Hi Diego</P><P></P><P>It seems a routing problem regadless to the default gateway.</P><P></P><P>please look oput the default gateway of your FWSM context</P><P></P><P></P><P></P><P>Daniel Gómez</P></BODY></HTML> Wed, 02 May 2012 22:03:53 GMT https://community.cisco.com/t5/network-security/fswm-problem-large-arp-table/m-p/1881699#M437913 danielalbertog 2012-05-02T22:03:53Z