04-15-2022 11:59 AM - edited 04-15-2022 02:14 PM
We are experiencing communication loss issues to destinations behind our firewall. These packet losses are not constant but they happen quite frequently.
We analyze the firewall logs and observe messages indicating an IP conflict on the outside interface of the firewall and validate with the Mac address that the conflict is with the standby firewall.
%ASA-4-405003: IP address collision detected between host x.x.x.x at aaaa.aaaa.aaaa and interface outside, bbbb.bbbb.bbbb
Solved! Go to Solution.
04-15-2022 12:08 PM - edited 04-15-2022 12:14 PM
Active and standby outside have same interfsce or other l3 connect to switch is use one of asa outside ip address.
This for log,
For loss packet i think the issue is routing packet not asa deny traffic.
Can you share more detail.
04-15-2022 12:11 PM
Error Message %ASA-4-405003: IP address collision detected between host IP_address at MAC_address and interface interface_name , MAC_address .
Explanation A client IP address in the network is the same as the ASA interface IP address.
Recommended Action Change the IP address of the client.
04-15-2022 12:08 PM - edited 04-15-2022 12:14 PM
Active and standby outside have same interfsce or other l3 connect to switch is use one of asa outside ip address.
This for log,
For loss packet i think the issue is routing packet not asa deny traffic.
Can you share more detail.
04-15-2022 12:34 PM - edited 04-15-2022 02:16 PM
In the logs we also see this message very frequently.
%ASA-4-733100: [ Scanning] drop rate-1 exceeded. Current burst rate is 18 per second, max configured rate is 10; Current average rate is 39 per second, max configured rate is 5; Cumulative total count is 23421
%ASA-4-733100: [ Scanning] drop rate-2 exceeded. Current burst rate is 3 per second, max configured rate is 8; Current average rate is 38 per second, max configured rate is 4; Cumulative total count is 137805
04-15-2022 12:48 PM
04-15-2022 01:02 PM - edited 04-15-2022 02:15 PM
Thanks for the reference
04-15-2022 12:49 PM
04-15-2022 12:11 PM
Error Message %ASA-4-405003: IP address collision detected between host IP_address at MAC_address and interface interface_name , MAC_address .
Explanation A client IP address in the network is the same as the ASA interface IP address.
Recommended Action Change the IP address of the client.
04-15-2022 01:06 PM - edited 04-15-2022 02:16 PM
Thanks!
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide