lost connectivity in dmz (pix) and arp answer

1978gamayun
Level 1

Good afternoon. I have a PIX 515E with 6 interfaces.

pix-firewall# sh ver
Cisco PIX Firewall Version 6.3(3)
Cisco PIX Device Manager Version 3.0(1)
Compiled on Wed 13-Aug-03 13:55 by morlee
Hardware: PIX-515E, 64 MB RAM, CPU Pentium II 433 MHz
Flash E28F128J3 @ 0x300, 16MB
BIOS Flash AM29F400B @ 0xfffd8000, 32KB

The computers placed in the DMZ sometimes lose connectivity with each other. I have found the following problem: when a computer sends an ARP request, it receives a reply both from the intended computer and from the PIX.

IP address of the PIX interface (dmz): 172.21.35.1

Connectivity test from the computer with IP address 172.21.35.5, with a cleared ARP table:

ping 172.21.35.4
Pinging 172.21.35.4 with 32 bytes of data:
Reply from 172.21.35.4: bytes=32 time<1ms TTL=128
Request timed out.
Request timed out.
Request timed out.
Ping statistics for 172.21.35.4:
    Packets: Sent = 4, Received = 1, Lost = 3 (75% loss),

After ping:

>arp -a
Interface: 172.21.35.5 --- 0x10003
  Internet Address      Physical Address      Type
  172.21.35.1           00-0d-88-ef-23-29     dynamic
  172.21.35.2           00-0d-60-ec-85-32     dynamic
  172.21.35.4           00-0d-88-ef-23-29     dynamic

Very strange: the MAC addresses for .1 and .4 are identical.

Ethereal, running on the same computer:

No. Time      Source        Destination   Protocol  Info
1   0.000000  172.21.35.4   Broadcast     ARP       Who has 172.21.35.1? Tell 172.21.35.4
    Frame 1 (106 bytes on wire, 106 bytes captured)
    Ethernet II, Src: 172.21.35.4 (00:11:25:57:f9:2c), Dst: Broadcast (ff:ff:ff:ff:ff:ff)
    Address Resolution Protocol (request)

2   1.381832  172.21.35.2   172.21.35.5   ARP       Who has 172.21.35.5? Tell 172.21.35.2
    Frame 2 (60 bytes on wire, 60 bytes captured)
    Ethernet II, Src: 172.21.35.2 (00:0d:60:ec:85:32), Dst: 172.21.35.5 (00:11:25:a8:75:7e)
    Address Resolution Protocol (request)

3   1.381842  172.21.35.5   172.21.35.2   ARP       172.21.35.5 is at 00:11:25:a8:75:7e
    Frame 3 (42 bytes on wire, 42 bytes captured)
    Ethernet II, Src: 172.21.35.5 (00:11:25:a8:75:7e), Dst: 172.21.35.2 (00:0d:60:ec:85:32)
    Address Resolution Protocol (reply)

4   2.754731  172.21.35.5   Broadcast     ARP       Who has 172.21.35.4? Tell 172.21.35.5
    Frame 4 (42 bytes on wire, 42 bytes captured)
    Ethernet II, Src: 172.21.35.5 (00:11:25:a8:75:7e), Dst: Broadcast (ff:ff:ff:ff:ff:ff)
    Address Resolution Protocol (request)

5   2.754839  172.21.35.4   172.21.35.5   ARP       172.21.35.4 is at 00:11:25:57:f9:2c
    Frame 5 (106 bytes on wire, 106 bytes captured)
    Ethernet II, Src: 172.21.35.4 (00:11:25:57:f9:2c), Dst: 172.21.35.5 (00:11:25:a8:75:7e)
    Address Resolution Protocol (reply)

6   2.754968  172.21.35.1   172.21.35.5   ARP       172.21.35.4 is at 00:0d:88:ef:23:29
    Frame 6 (60 bytes on wire, 60 bytes captured)
    Ethernet II, Src: 172.21.35.1 (00:0d:88:ef:23:29), Dst: 172.21.35.5 (00:11:25:a8:75:7e)
    Address Resolution Protocol (reply)

On the PIX:

#debug arp
782: arp-in: request at dmz from 172.21.35.4 0011.2557.f92c for 172.21.35.1 0000.0000.0000
783: arp-set: added arp dmz 172.21.35.4 0011.2557.f92c
784: arp-in: generating reply from 172.21.35.1 000d.88ef.2329 to 172.21.35.4 0011.2557.f92c
793: arp-in: request at dmz from 172.21.35.5 0011.25a8.757e for 172.21.35.4 0000.0000.0000
794: arp-set: added arp dmz 172.21.35.5 0011.25a8.757e
795: arp-in: generating reply from 172.21.35.4 000d.88ef.2329 to 172.21.35.5 0011.25a8.757e

Why does the PIX send a reply to the ARP request?

1 Accepted Solution

johnd2310
Level 8

Hi,

Maybe this is due to proxy ARP on the PIX. You can try disabling it on that interface with the command "sysopt noproxyarp".

**Please rate posts you find helpful**

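The symptom in the capture above (two ARP replies for 172.21.35.4, one from the host itself and one carrying the PIX's DMZ MAC) is detectable mechanically. The following is an added example, not code from the original thread or from Cisco: it parses raw Ethernet/ARP frames, records which MACs claim each IP in ARP replies, and flags IPs claimed by more than one MAC, then narrows that to the proxy-ARP signature (one of the claimants is the gateway's MAC). The sample frames are constructed from the addresses shown in the Ethereal and debug arp output; they are not the original pcap, and the padding of the PIX frame to 60 bytes mirrors the "60 bytes on wire" shown for frame 6.

```python
import struct
from collections import defaultdict

ETH_P_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2


def mac_bytes(s):
    # Accepts both "00:0d:88:ef:23:29" and Windows-style "00-0d-88-ef-23-29".
    return bytes(int(p, 16) for p in s.replace("-", ":").split(":"))


def mac_str(b):
    return ":".join(f"{x:02x}" for x in b)


def ip_bytes(s):
    return bytes(int(p) for p in s.split("."))


def ip_str(b):
    return ".".join(str(x) for x in b)


def build_arp(op, eth_src, eth_dst, sha, spa, tha, tpa, pad_to=42):
    """Ethernet II frame carrying one IPv4 ARP packet (no FCS).
    pad_to mimics senders that pad to the 60-byte Ethernet minimum."""
    eth = mac_bytes(eth_dst) + mac_bytes(eth_src) + struct.pack("!H", ETH_P_ARP)
    arp = (struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
           + mac_bytes(sha) + ip_bytes(spa) + mac_bytes(tha) + ip_bytes(tpa))
    frame = eth + arp
    return frame + b"\x00" * max(0, pad_to - len(frame))


def parse_arp(frame):
    """Return the ARP fields of an Ethernet frame, or None if it is not Ethernet/IPv4 ARP.
    Trailing padding after the 42-byte header is ignored."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != ETH_P_ARP:
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return {
        "op": op,
        "eth_src": mac_str(frame[6:12]),
        "sha": mac_str(frame[22:28]),   # sender hardware address
        "spa": ip_str(frame[28:32]),    # sender protocol address
        "tha": mac_str(frame[32:38]),
        "tpa": ip_str(frame[38:42]),
    }


def find_conflicting_replies(frames):
    """Map each IP claimed by more than one MAC in ARP replies to the sorted claimant MACs.
    Requests are ignored: only replies bind an IP to a MAC in the requester's cache."""
    claims = defaultdict(set)
    for frame in frames:
        arp = parse_arp(frame)
        if arp is None or arp["op"] != ARP_REPLY:
            continue
        claims[arp["spa"]].add(arp["sha"])
    return {ip: sorted(macs) for ip, macs in claims.items() if len(macs) > 1}


def proxy_arp_suspects(conflicts, gateway_mac):
    """IPs from find_conflicting_replies() where one claimant is the gateway (firewall) MAC.
    A host MAC and the gateway MAC both answering for the same IP is the proxy-ARP pattern."""
    gw = mac_str(mac_bytes(gateway_mac))
    return sorted(ip for ip, macs in conflicts.items() if gw in macs)


PIX_DMZ_MAC = "00:0d:88:ef:23:29"  # PIX dmz interface MAC from the debug arp output

# Constructed frames reproducing frames 4, 5 and 6 of the capture above (not the original pcap).
SAMPLE_FRAMES = [
    build_arp(ARP_REQUEST, "00:11:25:a8:75:7e", "ff:ff:ff:ff:ff:ff",
              "00:11:25:a8:75:7e", "172.21.35.5", "00:00:00:00:00:00", "172.21.35.4"),
    build_arp(ARP_REPLY, "00:11:25:57:f9:2c", "00:11:25:a8:75:7e",
              "00:11:25:57:f9:2c", "172.21.35.4", "00:11:25:a8:75:7e", "172.21.35.5"),
    build_arp(ARP_REPLY, PIX_DMZ_MAC, "00:11:25:a8:75:7e",
              PIX_DMZ_MAC, "172.21.35.4", "00:11:25:a8:75:7e", "172.21.35.5", pad_to=60),
]

if __name__ == "__main__":
    conflicts = find_conflicting_replies(SAMPLE_FRAMES)
    for ip, macs in conflicts.items():
        print(f"{ip} answered by {len(macs)} MACs: {', '.join(macs)}")
    print("proxy-ARP suspects:", proxy_arp_suspects(conflicts, PIX_DMZ_MAC))
```

Run against a real capture, feed `find_conflicting_replies` the raw frames (for example from a pcap reader) and pass the firewall's interface MAC to `proxy_arp_suspects`; an IP that appears there while a live host also answers for it is exactly the race the ping output shows, with whichever reply arrives last winning the requester's ARP cache.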