cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
740
Views
5
Helpful
7
Replies

Loss of communication through ASA 5516 Firewall

MambaRod16
Beginner
Beginner

 

We are experiencing communication loss issues to destinations behind our firewall. These packet losses are not constant but they happen quite frequently.

We analyze the firewall logs and observe messages indicating an IP conflict on the outside interface of the firewall and validate with the Mac address that the conflict is with the standby firewall.

%ASA-4-405003: IP address collision detected between host x.x.x.x at aaaa.aaaa.aaaa and interface outside, bbbb.bbbb.bbbb

 

2 Accepted Solutions

Accepted Solutions

MHM Cisco World
Advisor
Advisor

Active and standby outside have same interfsce or other l3 connect to switch is use one of asa outside ip address.

This for log,

For loss packet i think the issue is routing packet not asa deny traffic.

Can you share more detail.

View solution in original post

balaji.bandi
VIP Guru VIP Guru
VIP Guru

405003

Error Message %ASA-4-405003: IP address collision detected between host IP_address at MAC_address and interface interface_name , MAC_address .

Explanation A client IP address in the network is the same as the ASA interface IP address.

Recommended Action Change the IP address of the client.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

View solution in original post

7 Replies 7

MHM Cisco World
Advisor
Advisor

Active and standby outside have same interfsce or other l3 connect to switch is use one of asa outside ip address.

This for log,

For loss packet i think the issue is routing packet not asa deny traffic.

Can you share more detail.

Hi MHM Cisco World,

 

In the logs we also see this message very frequently.

%ASA-4-733100: [ Scanning] drop rate-1 exceeded. Current burst rate is 18 per second, max configured rate is 10; Current average rate is 39 per second, max configured rate is 5; Cumulative total count is 23421

%ASA-4-733100: [ Scanning] drop rate-2 exceeded. Current burst rate is 3 per second, max configured rate is 8; Current average rate is 38 per second, max configured rate is 4; Cumulative total count is 137805

 

Thanks for the reference

balaji.bandi
VIP Guru VIP Guru
VIP Guru

405003

Error Message %ASA-4-405003: IP address collision detected between host IP_address at MAC_address and interface interface_name , MAC_address .

Explanation A client IP address in the network is the same as the ASA interface IP address.

Recommended Action Change the IP address of the client.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Thanks!

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers