Re: PIX 520 with possible ARP problems.

erdiazgue · ‎03-31-2005

Hi,

A computer in front of a pix 520 is sometimes getting resolved with 1 ip address and sometimes with another ip address.

Sometimes the pix can ping that ip address and sometimes it can’t.

My question is could there be any problem with the arp table given the fact that sometimes the pix is getting 1 ip with 1 mac address, and then its getting a different ip with the same Mac address?

What could be done in this case when the pix gets different ip addresses (2 of them) for one computer?

getmedrew · ‎03-31-2005

Ok, it sounds like the box in front of the pix is getting a dynamic ip address, in this case you are correct, the pix is getting "mixed" ip addresses with the same mac address, in this case this depends on the timer for DHCP server.

Do you happen to know how often the computer gets a new ip address?

If you happen to know and you are running lets say an NTP server bound to the pix and the DHCP server then you are running the same time on both devices, this is what you can do on the pix side.

unfortunately there is no timer on the pix to clear the arp table, but you can manually clear it by doing a clear arp.

if you do #sh time you will be able to see the different timers though

erdiazgue · ‎03-31-2005

Unfortunately I don't have control of the computer that is getting different ip addresses, (it's only getting an ip address from a pool of 2 ip addresses).

Would it help lowering the arp timeout? I haven't tried this since its in production, I don't want to affect it's behavior.

Thanks