strange issue with PIX
09-11-2013 01:40 PM - edited 03-11-2019 07:37 PM
Hi,
I just connected the PIX to the network.
The servers also exist in the same subnet as the IPs that I have assigned to the PIX.
Suddenly I noticed the servers were not getting proper replies and I could not access them properly.
In the end I noticed that on the interface that was connected to the PIX, the IPs were assigned to that MAC (that MAC belongs to the PIX).
I9MLSW01#show ip arp 001a.a2a4.71d6
Protocol Address Age (min) Hardware Addr Type Interface
Internet 1.1.1.1 1 001a.a2a4.71d6 ARPA Vlanx
Internet 1.1.1.20 1 001a.a2a4.71d6 ARPA Vlanx
Internet 1.1.1.50 1 001a.a2a4.71d6 ARPA Vlanx
Internet 1.1.1.60 1 001a.a2a4.71d6 ARPA Vlanx
Internet 1.1.1.90 1 001a.a2a4.71d6 ARPA Vlanx
Internet 1.1.1.230 1 001a.a2a4.71d6 ARPA Vlanx
Internet 1.1.1.2 0 001a.a2a4.71d6 ARPA Vlanx (that was original PIX ip)
After removing the PIX everything was normal.
Jawad
09-11-2013 01:45 PM
Hi,
I am not sure if I understand what you are saying.
It seems to me that you probably have a problem related to Proxy ARP enabled on the PIX interface connected to some LAN/DMZ network.
When Proxy ARP is enabled, the PIX might reply to ARP requests even though it doesn't own the IP address whose MAC address the ARP request was for.
The command to disable Proxy ARP on an interface is
sysopt noproxyarp
for example
sysopt noproxyarp inside
So you should probably issue this command for the interface which has that IP address range and then try using the PIX again. It might be good to clear the ARP from the connected router/L3 switch also.
- Jouni
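An added example, not part of either post and not Cisco code: a Python check that parses `show ip arp` output like the one in the question and flags any MAC address that answers for several IPs on one interface, which is the symptom Proxy ARP produced here. The function names and the 1.1.1.100 row are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: rows taken from the `show ip arp` output in the question,
# plus one hypothetical healthy server entry (1.1.1.100) added for contrast.
SAMPLE = """\
Protocol Address Age (min) Hardware Addr Type Interface
Internet 1.1.1.1 1 001a.a2a4.71d6 ARPA Vlanx
Internet 1.1.1.20 1 001a.a2a4.71d6 ARPA Vlanx
Internet 1.1.1.50 1 001a.a2a4.71d6 ARPA Vlanx
Internet 1.1.1.2 0 001a.a2a4.71d6 ARPA Vlanx
Internet 1.1.1.100 5 0011.2233.4455 ARPA Vlanx
"""

# Protocol, IP, age (minutes or "-"), Cisco dotted MAC, encapsulation, interface
ROW = re.compile(
    r"^Internet\s+(\d{1,3}(?:\.\d{1,3}){3})\s+(\d+|-)\s+"
    r"([0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})\s+(\S+)\s+(\S+)",
    re.IGNORECASE,
)

def parse_arp(text):
    """Yield (ip, mac, interface) for every complete ARP row."""
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:  # the header and "Incomplete" rows do not match and are skipped
            yield m.group(1), m.group(3).lower(), m.group(5)

def macs_claiming_many_ips(text, threshold=2):
    """Return {(mac, interface): [ips]} for MACs holding >= threshold IPs."""
    seen = defaultdict(list)
    for ip, mac, intf in parse_arp(text):
        if ip not in seen[(mac, intf)]:
            seen[(mac, intf)].append(ip)
    return {k: v for k, v in seen.items() if len(v) >= threshold}

if __name__ == "__main__":
    for (mac, intf), ips in macs_claiming_many_ips(SAMPLE).items():
        print(f"{mac} on {intf} answers for {len(ips)} IPs: {', '.join(ips)}")
```

A device with secondary addresses or NAT can legitimately hold several IPs on one MAC, so compare any flagged MAC against the addresses that device is expected to own.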
