cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1199
Views
0
Helpful
4
Replies

FSWM problem Large ARP table

diego.israel
Level 1
Level 1

Hi.

I'm expreiencing a problem in the FWSM on the company. The virtual context stops doing NATs suddenly and the servers behind it get no access to anything.

The firewall has several static policy nats with port forwarding configured on the Inside interface, and we have figured out that the ARP table becomes really large and it's crating an entry for each host in the outside, that's a lot of hosts.

Example NAT:

access-list Lilian-Inside_nat_static_4 extended permit tcp host 192.168.5.118 eq www any

static (Lilian-Inside,Lilian-Outside) tcp LISIM-WAN 8080 access-list Lilian-Inside_nat_static_4

ARP TABLE:

Lilian-Outside 173.193.106.10 0024.c4c0.b980

Lilian-Outside 66.77.186.30 0024.c4c0.b980

Lilian-Outside 201.245.171.190 0024.c4c0.b980

Lilian-Outside 190.66.208.211 0024.c4c0.b980

Lilian-Outside 105.136.70.251 0024.c4c0.b980

... and the list continues up to 450 hosts in this moment.

Don't know the reason why the FW creates the Arp entries this way.

Please help and thank you in advanc

4 Replies 4

diego.israel
Level 1
Level 1

Sorry, I mistyped the title, it should be FWSM

Hi,

Well seems each ARP entry has the same MAC address. Also the MAC address belongs a Cisco device.

Does the MAC addres belong to some interface on the FWSM?

I guess the amount of ARP entries is due to some NAT configuration.

Do you only have one public IP address at your disposal? Are all public NAT configurations using the same IP address?

Is there some specific reason that you havent done the above NAT configuration for example in the following way

static (Lilian-Inside,Lilian-Outside) tcp LISIM-WAN 8080 192.168.5.118 80 netmask 255.255.255.255

- Jouni

Hi,

The mac 0024.c4c0.b980 belongs to a 7600 cisco router, the topology is like this:

Servers---FW---7609----INTERNET

                |

          Connection to office

There are 2 IPs availables, and both of them are used with port forwarding.

The nats are created that way by the ASDM.

We have realized that this context uses most of the CPU of the entire FWSM, so we limited the number of xlates alowed in order to avoid affecting performance on other contexts, but the problems with our customer continues.

Regards

danielalbertog
Level 1
Level 1

Hi Diego

It seems a routing problem regadless to the default gateway.

please look oput the default gateway of your FWSM context

Daniel Gómez

Review Cisco Networking for a $25 gift card