AS5505 arp entries.

bruce.thornton · ‎08-02-2019

This is really a weird one. I have a VPN tunnel, up/online between ASA5525-X and ASA5505. The problem I'm experiencing is on the ASA5505 side. The protect network, these are not actual adresses, 192.168.1.0/24. Very small 4 host that are statically assigned to Vlan -X that is the inside network/zone. The switch ports are assigned to Vlan-XX, not Outside, made sure of that. Now when I assign a 192.168.1.x/24/Gw 192.168.1.1(this is the address assigned to Inside Int) the mac address will show up in the arp table, but I can't ping that address from the FW. If I reload the firewall, all will state to work.

Ideas/suggestions. The code on the ASA5505 is 9.2(4).

Alan Ng'ethe · ‎08-02-2019

Hi, that is strange.

Could you paste a:

show switch vlan

show int ip brief

show nameif

show mac address-table

How is the switch where the hosts and firewall connect configured?

Remember to rate helpful posts and/or mark as a solution if your issue is resolved.

bruce.thornton · ‎08-03-2019

More information, when first connected, all works fine, if you reboot the workstations, the workstations will not reconnect, get "duplicate address" error on the device. Reboot the ASA5505 and all works again, as if the ASA sees mac address as duplicate. I've even tried static arp entries. This did not help, only resolution is to reboot ASA if the device loses connection to the ASA. Again these are static assignments ip addresses in the devices and I;ve validated that all devices have different ip addresses and the mask/gateway correct for the devices. Ideas?????