ASA 8.4 and ARP.

andrea.meconi
Level 2

We are using an ASA with 8.4 in transparent mode. Connection fails when a host on inside tries to connect to a server on outside. This server uses mac-address 0100.5E00.0000 to load balance but replies with real mac-address.
Firewall logs "Deny TCP".
ARP inspection is disabled.
Any idea?
Thanks.
Andrea

2 Replies

Andrea,

You get a "Deny TCP" when attempting the connection, but can you PING from the host to the server (through the ASA)?

Just want to check if it's indeed an ARP problem or a firewall rule for TCP traffic.

Federico.

Hello Federico and many thanks for your help.

Yes, we can ping the server.

There is a rule with permit ip any for testing.

The capture on outside shows packets with correct server IP address but with different mac address (different from ARP).

Servers are configured with Microsoft NLB, IGMP multicast 01005E.

Regards.

Andrea
