Replacing Faulty PIX FW / Clear ARP?

mlabuguen
Level 1

Hi,

I'm curious to find out what goes on, as far as communications between a local host and a router are concerned, when the ARP cache of a router has two instances of the same MAC address but different IP addresses. What would happen to local hosts wanting to go out to the internet?

sho arp

...

Internet 172.20.20.2 2 0001.64ff.ce99 ARPA

Internet 172.20.20.3 3 0001.64ff.ce99 ARPA

Recently I replaced a faulty primary firewall (172.20.20.2) with the backup firewall (172.20.20.3). The backup firewall, after rebooting, assumed the primary role, which resulted in a new IP address of 172.20.20.2 (but new MAC). This resulted in the anomaly of the ARP cache. Right now no traffic is allowed in or out of the new PIX. I assume it's because of the above ARP problem. Hopefully a clear arp-cache will resolve the issue.

Thanks,

Mavin

1 Reply

drolemc
Level 6

I'm not too sure you should be seeing what you are seeing. The secondary firewall in the failover pair should take over the primary's IP and MAC when it goes active. However, assuming that we end up with an ARP table as shown above, there is still no problem, since all traffic destined to 172.20.20.3 will be forwarded correctly since the IP is mapped to the correct L2 address. Also, all hosts will still be forwarding traffic to the primary's IP of 172.20.20.2, and the failover unit has taken up the primary's IP and MAC.
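The anomaly in the question (one MAC address listed under two IP addresses after the failover) can be picked out of a "show arp" dump automatically. The Python below is an added example, not code from either post; the "show arp" text is a constructed sample modelled on the two lines quoted in the question, padded with hypothetical extra entries.

```python
import re
from collections import defaultdict

# Constructed sample of Cisco "show arp" output (hypothetical data, not a capture).
# The two .2/.3 lines mirror the ones quoted in the question; the rest are padding.
SAMPLE_SHOW_ARP = """\
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  172.20.20.1             -   0001.64ff.aa01  ARPA   Vlan20
Internet  172.20.20.2             2   0001.64ff.ce99  ARPA   Vlan20
Internet  172.20.20.3             3   0001.64ff.ce99  ARPA   Vlan20
Internet  172.20.20.10            5   0050.56ab.1234  ARPA   Vlan20
"""

# One "Internet" entry: IP, age ("-" for the router's own address), dotted-quad MAC.
# The interface column is optional so the shortened lines from the question also match.
ARP_LINE = re.compile(
    r"^Internet\s+(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+(?P<age>\S+)\s+"
    r"(?P<mac>[0-9a-fA-F]{4}\.[0-9a-fA-F]{4}\.[0-9a-fA-F]{4})\s+ARPA"
)


def parse_show_arp(text):
    """Return (ip, mac) tuples from 'show arp' output, skipping the header and blank lines."""
    entries = []
    for line in text.splitlines():
        m = ARP_LINE.match(line.strip())
        if m:
            entries.append((m.group("ip"), m.group("mac").lower()))
    return entries


def find_shared_macs(entries):
    """Map each MAC that appears under more than one IP to the sorted list of those IPs.

    A MAC under several IPs is normal for a shared/virtual address, but after a
    failover replacement it is the symptom described in the question and worth a look.
    """
    by_mac = defaultdict(set)
    for ip, mac in entries:
        by_mac[mac].add(ip)
    return {mac: sorted(ips) for mac, ips in by_mac.items() if len(ips) > 1}


if __name__ == "__main__":
    for mac, ips in find_shared_macs(parse_show_arp(SAMPLE_SHOW_ARP)).items():
        print(f"{mac} is mapped to {len(ips)} addresses: {', '.join(ips)}")
```

Feed it the saved output of "show arp" from the router to see which MACs are answering for more than one address before deciding whether a "clear arp-cache" is warranted.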
