PIX ARP problem

mrcomm2000 · ‎08-12-2003

Dear All

I got a problem with my PIX 525, when i upgraded the IOS from 6.1 to 6.3 .

The problem is that the Gateway router failed to catch the mac-address (of the PIX) of some machines behind the firewall although the firewall see these machines, i don't know if it is problem of proxy arp in the PIX or what ???

The problem took place with one range of IPs x.x.x.x although there is no problem with the same machines if they are natted with another range y.y.y.y...

I made a workaround by putting a static arp for those machines on the Gateway and they are now seen by the gateway ...

I don't know what is exactly the problem ...

I hope anyone can help ...

jmia · ‎08-12-2003

Hi -

Have you got command - sysopt noproxyarp inside ?

Thanks -

mrcomm2000 · ‎08-12-2003

No i don't, but i found i bug related to this IOS 6.3(1)

Here is the Bug ID CSCeb06082

BR

l.mourits · ‎08-14-2003

Hi,

The PIX does proxy-ARP by default for every static translated address or range of addresses. For example, the command:

static (inside, outside) 62.219.219.189 10.1.1.1

will let the PIX proxy-ARP for the address 62.219.219.189 on the outside interface

The command no sysopt proxyarp is not needed if static translations are setup correctly.

You could post you config (remove passwords and real IP's) and we can have a closer look at it.

Kind regards,

Leo

mrcomm2000 · ‎08-14-2003

Dear Leo

First thank you for your help, but i opened a case with the TAC, and i found that the IOS version 6.3.1 has a bug that made what i told you, The BUG ID CSCeb06082 you can take a look at it....

I know you are talking from the technical point of view of facts but what the IOS does is sometimes different ...

Thanks again