Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
175
Views
1
Helpful
2
Replies

Doubts about how the ARP tables of the ASA/Firepower may behave

Ariel_DF
Level 1
Level 1

‎02-21-2024 04:21 AM

Hello,

We have doubts about how the ARP tables of the ASA/Firepower may behave. I explain the situation we have, I have attached an image with the topology we have right now.

The objective is to remove the IPS (which are in transparent mode inspecting traffic only) and allow the direct connection of the Routers to the firewalls (the connection is through switches), reusing the same IPs and VLANs, so the configuration change would only be in the Routers.

Right now in the ARP table of the ASA/Firepower (and all contexts) the IP 192.168.70.1 has a MAC XX:XX:XX and when the IPS are removed this same IP 192.168.70.1 will have another MAC YY:YY: YY.

In this case would it be necessary to clear ARP in the firewalls? Or when the router sends the Gratuitous ARP because we are configuring a new interface, do the firewalls instantly update the ARP tables?

Thanks.

0 Helpful
2 Replies 2

Marius Gunnerud
VIP
VIP

‎02-21-2024 01:43 PM

Is this ASA or FTD software?

The behaviour will depend a on if you have ARP inspection configured on the firewall or not.  If it is not configured then the ARP table should be updated automatically when the router sends a gratuitous ARP.  If ARP inspection is enabled then you will need to clear the ARP table.

--
Please remember to select a correct answer and rate helpful posts

Ariel_DF
Level 1
Level 1
In response to Marius Gunnerud

‎02-22-2024 08:06 AM

Thanks for the help!!

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card