
PIX 515E arp problem

afredriksson
Level 1

Hi!

I have a PIX "arp problem" that is somewhat strange. In a network used solely for Internet access there are three PIX firewalls, one 506e and two 515e failover pairs, five boxes in total. All use PIX OS 6.3(5) and the only other unit in this network is the ISP router.

The network is connected using two C3750 stacks separated by a fiber (different locations). The 506e and one pair of 515e are located on one side/switch, and one 515e pair and the ISP router are located on the other side.

Sometimes the 515e on the same side/switch as the 506e cannot reach the 506e. Ping doesn't work and VPN is down etc. Connections from the other side/Internet to the 506e still work, indicating that the 506e is OK. Normally, the connection is working again after about four hours (arp timeout). If I clear the arp cache manually in the "failing" 515e it works immediately.

I thought that a static arp entry would solve the problem but it didn't. Any ideas?

Ping output...

PIX ON THE SAME SIDE:

fwgbg001# ping x.x.x.x

x.x.x.x NO response received -- 1000ms

x.x.x.x NO response received -- 1000ms

x.x.x.x NO response received -- 1000ms

fwgbg001#

PIX ON THE OTHER SIDE:

fw01# ping x.x.x.x

x.x.x.x response received -- 0ms

x.x.x.x response received -- 0ms

x.x.x.x response received -- 0ms

fwgbg001# clear arp

fwgbg001# ping x.x.x.x

x.x.x.x response received -- 0ms

x.x.x.x response received -- 0ms

x.x.x.x response received -- 0ms

fwgbg001#

fw01# ping x.x.x.x

x.x.x.x response received -- 0ms

x.x.x.x response received -- 0ms

x.x.x.x response received -- 0ms

fw01#


Collin Clark
VIP Alumni