ASA failover and HSRP gw

farkascsgy · ‎11-27-2006

Hello All,

I have two ASA5520 (with 7.2 software) in statful failover over LAN. And these firewalls are connected to my border routers, on border routers HSRP operates and provides virtual address - HSRPprovide the next hop for outside static route. My problem is that I receive the next syslog message:

%ASA-4-405001: Received ARP response collision from "ASA outside IP"/0000.0c07.ac00 on interface outside

And after this message the Active ASA fail and secondary become active.

Please send me some info how to solve this issue.

Thanks in advance

FCS

zubairjalal · ‎11-27-2006

If you have uploaded the complete error message, it seems that there is an IP conflict. The device with the mac address 0000.0c07.ac00 must be having an IP which is already present on the firewall.

You will have to check the mac address 0000.0c07.ac00 . By checking i mean, you will have to trace this mac address. You can check your L2 switch for its mac address table. See from which port it is learning this mac address. If it is a cisco switch check by

show mac-address-table

Pls let me know if 0000.0c07.ac00 belongs to the ASA itself.Then it has to be some other issue.

regards

Zubair

--Pls rate if it helps--

farkascsgy · ‎11-27-2006

Zubair,

0000.0c07.ac00 is HSRP virtual mac address as I know.

bye

FCS

zubairjalal · ‎11-27-2006

Check the following bug id's CSCsc34022 and CSCsc47618. Maybe it is of some help.

regards

Zubair

farkascsgy · ‎11-27-2006

Thanks again Zubar...

But this bugs are different what I expect. My standby asa can take over the resources, when this arp issue is appear. And the mac address is coming from my border routers (they are HSRP pair).

Thanks,

FCS