cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1049
Views
0
Helpful
6
Replies

Clearing ARP on firewall restores connection

Suresh Varghese
Level 1
Level 1

Hello

 

I currently have an ASA5505 running Version 9.1(6)

The outside interface of the firewall is connected to ADSL router which in turn is connected to the internet

Every now and then...the connection drops and i am not able to ping the ADSL modem IP which is the gateway (default route) on the ASA

When i do a clear ARP on the ASA...it starts working

I assume that this is not the ASA acting up but is an issue with the next hop device but how can i resolve this.

 

I would appreciate if anyone can shed some light in helping me sort this matter out.

 

many thanks in advance.

Sureshv

 

6 Replies 6

Florin Barhala
Level 6
Level 6
Let's tshoot this together.
First of all we have to find out the ARP entry that's causing trouble.

Can you post:
show run route
show nameif
show arp | i outside

Hello Florin,

Sorry for the delayed response, please find attached the output that you had requested for

regards

 

What I am interested in as next step: next time you have this issue does the ARP entry looks the same as before :

 

outside 192.168.253.1 58ef.6809.a192 18

 

and of course after you clear ARP do you get same mac address?

How often does this issue happen?

There is a bug related to proxy-arp that can cause this type of behavior.  Have a look

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCuy28710/?rfs=iqvred

--
Please remember to select a correct answer and rate helpful posts

Hi Marius

The issue happens randomly....like whenever it feels like, no specific time of period.

As for the bug, we suspected the same and upgraded the firmware from version 8 to 9.1.6

Based on the table provided in the link by you, does it mean i have to upgrade to a more higher version.

 

regards

 

You could also set up a capture on the ASA inside and outside interfaces when this is happening to see if traffic is actually being sent out the outside interface.  Also, before clearing the ARP table, check to make sure that the MAC to IP address mappings are correct for the default route.

--
Please remember to select a correct answer and rate helpful posts
Review Cisco Networking for a $25 gift card