12-04-2019 09:11 AM
Hi All,
I have purchased a couple of these devices to replace the old ASA 5505's in remote sites.
The devices have been configured with FMC. The remote sites may only have 1 staff PC so that will plug directly into the inside interface on these firewalls.
I have created an inside Interface with a static IPv4 address. IPv6 is not enabled on it.
I have also not enabled DHCP on the interface.
I have tested this with desktops and laptops. If I configure a static IP address on the machine and plug directly into the Interface, the interface comes up but my machine tells me that the IP address is a duplicate address and I cannot ping the IP address of the Firewall.
There is nothing else plugged in here. Just one machine connected to one interface on the Firewall and the management interface connected to a switch to connect to the FMC for management. I have even unplugged the management interface and same thing.
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
Physical Address. . . . . . . . . : 58-8A-5A-30-71-2D
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::bd99:cb71:b767:901c%22(Preferred)
IPv4 Address. . . . . . . . . . . : 10.52.37.230(Duplicate)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Autoconfiguration IPv4 Address. . : 169.254.81.230(Tentative)
Subnet Mask . . . . . . . . . . . : 255.255.0.0
Default Gateway . . . . . . . . . : 10.52.37.254
DHCPv6 IAID . . . . . . . . . . . : 123243098
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-22-0B-1B-51-58-8A-5A-30-71-2D
DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
fec0:0:0:ffff::3%1
NetBIOS over Tcpip. . . . . . . . : Enabled
If I configure DHCP on this interface it just cycles through the range of addresses and my machine never settles on an IP address and can never ping the firewall.
I have tested multiple machines to rule out a machine.
I also have an old ASA 5505 and tested the machines with that and it works without any issues.
It seems to me to be an FTD issue but I cannot work out what could possibly cause this?
I am hoping someone has come across this on the 1010's?
Thanks
Gary
12-05-2019 09:02 AM
A couple of questions for you:
1. Are you running ASA or FTD code on the 1010s?
2. What is the version of ASA/FTD that you are running?
3. Can you show us your DHCP configuration?
Thank you for rating helpful posts!
12-05-2019 09:37 AM
Hi nspasov
1) running the FTD code
2) Version is 6.4.0
3) I would actually prefer not to use DHCP - was just testing it as assigning a static IP address was not working.
I connected there and went into system support diagnostic cli and did a show run (attached - with omitted customer info)
1 PC with a static IP address - connected to the inside interface and it tells me it's a duplicate address.
Nothing else connected.
Thanks
Gary
07-15-2020 06:41 PM
Ran into this problem also, where every single IP assigned to any device (static or DHCP) says it was a duplicate address. Turns out my internal interfaces were replying to all IP ARP requests, basically saying yes, it was in use. The fix for this turned out to be in my NAT rules. I had configured static NAT rules to forward ports from my outside IP to my inside devices; these NAT rules by default have proxy ARP on Destination Interface enabled.
In FMC, go into your individual NAT rules, click on the Advanced tab and check the box next to Do not proxy ARP on Destination Interface. Now your firewall will quit replying to every request to see if that IP is in use someplace.
Hope this helps someone.
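To find which rules need that checkbox, here is an added example (not part of the original post) that scans NAT configuration text for static rules lacking the `no-proxy-arp` keyword, which is how the checkbox appears in the CLI. The sample configuration is constructed, and the function name is hypothetical.

```python
import re

# Constructed sample in the style of `show running-config nat` on FTD;
# object names, ports and addresses are invented for this example.
SAMPLE_CONFIG = """\
nat (inside,outside) source static WEB-SRV interface service SVC-443 SVC-443
nat (inside,outside) source static MAIL-SRV interface service SVC-25 SVC-25 no-proxy-arp
nat (inside,outside) source dynamic any interface
object network CAM-01
 nat (inside,outside) static interface service tcp 8080 8080
object network NVR-01
 nat (inside,outside) static 203.0.113.10 no-proxy-arp
"""

NAT_RE = re.compile(r"^(\s*)nat \(([^,]+),([^)]+)\)\s+(.*)$")


def find_proxy_arp_rules(config_text):
    """Return static NAT rules that still answer ARP (no `no-proxy-arp`)."""
    findings = []
    current_object = None
    for lineno, line in enumerate(config_text.splitlines(), 1):
        if line.startswith("object network "):
            current_object = line.split()[2]  # remember owner of nested NAT
            continue
        m = NAT_RE.match(line)
        if not m:
            continue
        indent, real_if, mapped_if, rest = m.groups()
        tokens = rest.split()
        if indent:   # object (auto) NAT: "static ..." nested under an object
            is_static, owner = tokens[:1] == ["static"], current_object
        else:        # manual NAT: "[after-auto] source static ..."
            if tokens[:1] == ["after-auto"]:
                tokens = tokens[1:]
            is_static, owner = tokens[:2] == ["source", "static"], None
        if is_static and "no-proxy-arp" not in tokens:
            findings.append({"line": lineno, "object": owner,
                             "real_if": real_if, "mapped_if": mapped_if,
                             "rule": line.strip()})
    return findings


if __name__ == "__main__":
    for f in find_proxy_arp_rules(SAMPLE_CONFIG):
        print(f"line {f['line']}: proxy ARP still enabled -> {f['rule']}")
```

Run it against saved output from the diagnostic CLI; each reported line is a rule to open in FMC and review on the Advanced tab.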
06-25-2021 01:50 AM
Appreciate your answer a lot. It solved my issue.