Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
5360
Views
0
Helpful
3
Replies

Received ARP request collision from IP inside Adress of a PIX 515

khayhuynh
Level 1
Level 1

‎09-04-2006 01:11 AM - edited ‎02-21-2020 01:09 AM

Hi all,

We have a PIX515-DMZ, with the INSIDE adress IP : 10.40.144.2

We notice that we have a lot of errors:

Aug 30 18:25:10 10.40.144.2 Aug 30 2006 18:08:19: %PIX-4-405001: Received ARP request collision from 10.40.144.2/0011.43e1.c5d5 on interface inside

Aug 30 18:25:10 10.40.144.2 Aug 30 2006 18:08:19: %PIX-4-405001: Received ARP response collision from 10.40.144.2/0011.43e1.c5d6 on interface inside

Aug 30 18:25:40 10.40.144.2 Aug 30 2006 18:08:50: %PIX-4-405001: Received ARP request collision from 10.40.144.2/0014.5e6a.428a on interface inside

Aug 30 18:25:40 10.40.144.2 Aug 30 2006 18:08:50: %PIX-4-405001: Received ARP request collision from 10.40.144.2/0011.43e1.c5d5 on interface inside

Aug 30 18:25:41 10.40.144.2 Aug 30 2006 18:08:50: %PIX-4-405001: Received ARP response collision from 10.40.144.2/0011.43e1.c5d6 on interface inside

Aug 30 18:26:15 10.40.144.2 Aug 30 2006 18:09:25: %PIX-4-405001: Received ARP request collision from 10.40.144.2/0014.5e6a.428b on interface inside

Aug 30 18:26:17 10.40.144.2 Aug 30 2006 18:09:26: %PIX-4-405001: Received ARP request collision from 10.40.144.2/0011.43e1.c5d5 on interface inside

Aug 30 18:26:17 10.40.144.2 Aug 30 2006 18:09:26: %PIX-4-405001: Received ARP response collision from 10.40.144.2/0011.43e1.c5d6 on interface inside

Aug 30 18:26:20 10.40.144.2 Aug 30 2006 18:09:30: %PIX-4-405001: Received ARP request collision from 10.40.144.2/0011.43e1.c5d5 on interface inside

Aug 30 18:26:20 10.40.144.2 Aug 30 2006 18:09:30: %PIX-4-405001: Received ARP response collision from 10.40.144.2/0011.43e1.c5d6 on interface inside

I don't know where is the problem with my configuration...

The conf of my PIX is attached.

-----------------

I hope you can help me.

Thanks you by advance for your help!

Preview file
14 KB
0 Helpful
3 Replies 3

andrew.burns
Level 7
Level 7

‎09-04-2006 01:48 AM

Hi,

This doesn't necessarily mean a problem with your config, if you check the syslog reference for this message you get this:

Error Message: %PIX|ASA-4-405001: Received ARP {request | response} collision from IP_address/MAC_address on interface interface_name

Explanation: The security appliance received an ARP packet, and the MAC address in the packet differs from the ARP cache entry.

Recommended Action: This traffic might be legitimate, or it might indicate that an ARP poisoning attack is in progress. Check the source MAC address to determine where the packets are coming from and check to see if it belongs to a valid host.

HTH

Andrew.

0 Helpful

khayhuynh
Level 1
Level 1
In response to andrew.burns

‎09-04-2006 02:18 AM

Hi,

Thanks your for your answer but:

Received ARP request collision from 10.40.144.2/0011.43e1.c5d5 on interface inside

The IP address which makes the ARP request collision (10.40.144.2) is the IP adress of my Inside Interface of this PIX...

I don't understand, the PIX receives ARP collision from itself?!...

Thanks.

0 Helpful

khayhuynh
Level 1
Level 1
In response to khayhuynh

‎09-04-2006 07:43 AM

Other information :

My inside interface is directly connected to a Server's VLAN. And most of the servers have 2 NICS... Maybe my issue stems from this point?

Thanks you by advance for your help

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card