FTD 1120

Mani G
Level 1

Hey! I am currently working on an FTD 1120 which is managed by FDM, and my query is as follows.

FDM-6.6.1-91 VDB-336.0

- Configured two ISP links on FDM with SLA monitor.

- Basic configuration: one access list for LAN users to access the internet, and a NAT policy which is auto NAT with dynamic.

- Everything works fine for a certain time, and after that LAN users are not able to access the internet. After checking the logs, I observed that the ARP cache is getting filled. When I clear the ARP table manually, it starts working again. Please explain this type of behaviour.

Note: LAN users are directly connected to the FW; there are no network devices between the firewall and the LAN.

1 Accepted Solution

Accepted Solutions

Divya Jain
Cisco Employee

Hi Mani,
I would say verify the interface status and then check ARP status.
Also clear the ARP entry and take captures to verify if there is any particular MAC that's causing the issue.

As a temporary solution you can configure static ARP.

There could be many reasons that could cause this issue: an incorrect config, a proxy ARP config issue, the ARP cache timeout value, etc.

Try to take captures and see the behaviour. If the issue still persists, maybe try to take help from TAC and troubleshoot further.

-----------------------------------------
If you find my reply solved your question or issue, kindly click the 'Accept as Solution' button and vote it as helpful.

You can also learn more about Secure Firewall (formerly known as NGFW) through our live Ask the Experts (ATXs) session. Check out Cisco Network Security ATXs Resources [https://community.cisco.com/t5/security-knowledge-base/cisco-network-security-ask-the-experts-resources/ta-p/4416493] to view the latest schedule for upcoming sessions, as well as the useful references, e.g. online guides, FAQs.
-----------------------------------------

Regards
Divya Jain


3 Replies

ABaker94985
Spotlight

When you look at the ARP cache, do you see a bunch of the same MAC addresses? I've seen this in the past, where a device was proxy ARPing for everything. If this is the case, track down what is doing the proxy ARP.

You use NAT without adding the no-proxy-arp keyword. Add this keyword and everything will be fine.
https://www.cisco.com/c/en/us/support/docs/security/adaptive-security-appliance-asa-software/116154-qanda-ASA-00.html
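The check ABaker94985 describes above (many IPs in the ARP cache resolving to one MAC), scripted as an added example that is not from this thread or from Cisco. It assumes `show arp`-style lines of the form interface, IP, MAC, age; the sample table is constructed.

```python
"""Flag the proxy-ARP pattern in ASA/FTD `show arp`-style output."""
import re
from collections import defaultdict

# Constructed sample (not a real capture): on 'inside' one MAC owns many IPs.
SAMPLE_ARP = """\
inside 192.168.1.10 0011.2233.4455 120
inside 192.168.1.11 0011.2233.4455 118
inside 192.168.1.12 0011.2233.4455 117
inside 192.168.1.13 0011.2233.4455 115
inside 192.168.1.14 0011.2233.4455 113
inside 192.168.1.20 0050.56aa.bb01 60
outside 203.0.113.1 0050.56aa.0001 300
outside 203.0.113.2 0050.56aa.0002 alias
"""

# Assumed layout: <interface> <ipv4> <mac xxxx.xxxx.xxxx> [<age or 'alias'>]
ARP_LINE = re.compile(
    r"^\s*(?P<ifc>\S+)\s+(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+"
    r"(?P<mac>[0-9a-fA-F]{4}\.[0-9a-fA-F]{4}\.[0-9a-fA-F]{4})(?:\s+\S+)?\s*$"
)

def parse_arp_table(text):
    """Return (interface, ip, mac) tuples; lines that do not parse are skipped."""
    entries = []
    for line in text.splitlines():
        m = ARP_LINE.match(line)
        if m:
            entries.append((m["ifc"], m["ip"], m["mac"].lower()))
    return entries

def find_proxy_arp_suspects(entries, min_ips=3):
    """Map (interface, mac) -> sorted IPs for every MAC claiming >= min_ips IPs.

    A router or dual-homed host legitimately owns one or two addresses; a MAC
    that owns many on the same segment is the "same MAC for everything" sign.
    """
    by_mac = defaultdict(set)
    for ifc, ip, mac in entries:
        by_mac[(ifc, mac)].add(ip)
    return {key: sorted(ips) for key, ips in by_mac.items() if len(ips) >= min_ips}

if __name__ == "__main__":
    suspects = find_proxy_arp_suspects(parse_arp_table(SAMPLE_ARP))
    for (ifc, mac), ips in suspects.items():
        print(f"{ifc}: {mac} answers for {len(ips)} IPs: {', '.join(ips)}")
```

Paste the firewall's real ARP table in place of the sample; a MAC reported on the inside interface is the device to track down, while one reported on the outside interface for NAT mapped addresses is expected proxy ARP by the firewall itself.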

 
