Working on a network where the 5506's outside interface is w/in a /26 (ASA is A.B.C.32 w/ a default gateway of A.B.C.1, which is the ip of a router internally). The /26 is broken down in a way that the users of the ASA (org 1) are allowed to use .32-60 with another party (org 2) using the lower range for their firewall. The LAN segments behind the ASA and those of the other party do tie into a common backbone to connect closets, but the interfaces facing each respective organization should be isolated.
The other day I make some configuration changes to use Eth1/5 that was previously shutdown, connect it to an access port on the switch, then nat a newly created subnet (with the ip assigned to eth 1/5 as it's gateway) to NAT to A.B.C.36. While everything appeared to be working normally, the administrator of the larger /26 network advised that the ASA was creating arp entries for the entire /26 block using the mac address of Eth1/5(even after the cable was physically disconnected). I had added sysopt noproxyarp newsegment to the ASA configuration at the time of the changes, but upon review of the pre-existing configuration and noting that the command wasn't in place for any of the other interfaces I removed it.
The only way I was able to remedy the situation was to revert all the configuration changes I had made. I'd like to put the changes back into production but want to make sure I don't have the issue again.