07-04-2008 12:10 AM - edited 03-11-2019 06:09 AM
Hi,
We installed an ASA firewall to replace the PIX firewall at a customer site.
When we did this, the customer ran a ping from a server on the inside network (let's say 192.168.1.1) to another server on the inside network (let's say 192.168.1.2). Both servers' gateway is the new ASA firewall. We get dropped packets, and when we look at the arp -a on the 192.168.1.1 server it shows that the MAC address of 192.168.1.2 is that of the ASA firewall's inside interface.
This is weird. It occurs again if we run a ping from a different server to another different server. Again it shows the server we are pinging as the MAC address of the ASA firewall in the ARP cache. We get the first reply and then dropped pings.
This is strange, as the pings are local and should not actually hit the firewall, so has anyone seen this before?
I could understand if the two servers were on different interfaces on the firewall, but they are not. If you disconnect the ASA firewall then everything works and you can ping. There is no clash of IP addresses either.
Any ideas or suggestions would be very much welcome.
Cheers,
Chris
07-04-2008 12:21 AM
Hi, try the following command, then try again...
clear xlate
Ray
07-04-2008 12:25 AM
Ray,
We tried that as well and it is still the same.
If we do a show arp on the ASA firewall it displays the correct MAC address for those servers.
The customer is back on the old PIX firewall now and does not have any issues.
Any more ideas?
07-04-2008 12:34 AM
Hi,
Did you clear the ARP cache on the switch?
07-04-2008 12:36 AM
Ray,
Did that as well on all the switches.
07-04-2008 12:54 AM
Show the configuration.
To disable proxy ARP you can use
"sysopt noproxyarp inside"
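
An added example, not part of the thread: a small check for the symptom described in the first post, where several inside hosts resolve to the same MAC address as the gateway (which is what a device answering proxy ARP on that interface produces). The sample `arp -a` output, the MAC addresses and the gateway address 192.168.1.254 are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample: Windows-style `arp -a` output from the 192.168.1.1 server.
# MAC addresses are made up; 192.168.1.254 is an assumed address for the
# firewall's inside interface (the thread does not give it).
SAMPLE_ARP = """\
Interface: 192.168.1.1 --- 0x2
  Internet Address      Physical Address      Type
  192.168.1.2           00-11-22-33-44-55     dynamic
  192.168.1.3           00-11-22-33-44-55     dynamic
  192.168.1.10          00-aa-bb-cc-dd-10     dynamic
  192.168.1.254         00-11-22-33-44-55     dynamic
"""

IP_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")
MAC_RE = re.compile(r"\b([0-9A-Fa-f]{2}(?:[-:][0-9A-Fa-f]{2}){5})\b")


def parse_arp(text):
    """Return {ip: mac} for every line holding both an IPv4 address and a MAC.

    Matching each field separately lets the same parser read Windows
    ("ip  mac  type") and Linux ("? (ip) at mac [ether] on eth0") output.
    """
    table = {}
    for line in text.splitlines():
        ip, mac = IP_RE.search(line), MAC_RE.search(line)
        if ip and mac:
            table[ip.group(1)] = mac.group(1).lower().replace("-", ":")
    return table


def hosts_behind_gateway_mac(text, gateway_ip):
    """Return (gateway_mac, [ips]) for hosts cached with the gateway's MAC."""
    table = parse_arp(text)
    gw_mac = table.get(gateway_ip)
    if gw_mac is None:
        return None, []  # gateway not in the cache, nothing to compare against
    hits = [ip for ip, mac in table.items() if mac == gw_mac and ip != gateway_ip]
    return gw_mac, sorted(hits, key=ipaddress.ip_address)


if __name__ == "__main__":
    mac, hits = hosts_behind_gateway_mac(SAMPLE_ARP, "192.168.1.254")
    for ip in hits:
        print(f"{ip} is cached with the gateway MAC {mac}")
```

Running the same check before and after a change such as the `sysopt noproxyarp inside` command suggested above (with the host's ARP cache cleared in between) shows whether inside hosts still resolve to the firewall's MAC.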