
FWSM false ARP reply

vantonenko
Level 1

Hello,

I have a weird issue with some server LANs that are terminated on the FWSM.

These LANs use static IP addressing.

All of the servers are VMware VMs.

After rebooting or restarting network interfaces on these VMs, the OS (Windows and Linux) reports "Duplicate IP address".

We used Wireshark on a VM and noticed the following:

During network interface initialization, the VM sends an ARP request for its own IP address to check for IP duplication in the LAN.

The FWSM (gateway) replies to this request that this IP address is on the FWSM, but this is false. It uses a different IP address.

Another weird thing is that the Frame Check Sequence field in the reply frame equals 0x00000000.

The VM receives the ARP reply, concludes that there is IP duplication in the LAN, and stops network operation.

[Image: false arp reply]

I don't know, and could not find any information about, the mechanisms that make the FWSM send an ARP reply this way.

1 Reply

Sandeep Singh
Level 7

Hi vantonenko

It is common for security appliances (like the FWSM) that are doing IP proxy to reply to IP address queries; however, this is supposed to be for the outside network and not for the same subnet. Check the config on your FWSM.
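
The behaviour discussed in this thread can be confirmed from a capture by pairing each duplicate-address ARP request with any reply that claims the probed address from a different MAC. This is an added example, not code from either poster; it assumes the check is an ARP probe with sender IP 0.0.0.0 (RFC 5227) or a gratuitous request, and every MAC and IP address in it is constructed.

```python
import struct

ARP_REQUEST, ARP_REPLY = 1, 2

def _mac(b): return ":".join(f"{x:02x}" for x in b)
def _ip(b): return ".".join(str(x) for x in b)

def parse_arp(frame):
    """Return the ARP fields of an Ethernet II frame, or None if not IPv4 ARP."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return {"op": op, "sha": _mac(frame[22:28]), "spa": _ip(frame[28:32]),
            "tha": _mac(frame[32:38]), "tpa": _ip(frame[38:42])}

def find_conflicting_replies(frames):
    """Return (ip, probing_mac, replying_mac) for replies that answer a probe."""
    probes, findings = {}, []          # probes: probed IP -> MAC of the prober
    for frame in frames:
        a = parse_arp(frame)
        if a is None:
            continue
        # Duplicate-address check: sender IP 0.0.0.0 (probe) or == target IP (gratuitous).
        if a["op"] == ARP_REQUEST and a["spa"] in ("0.0.0.0", a["tpa"]):
            probes[a["tpa"]] = a["sha"]
        elif (a["op"] == ARP_REPLY and a["spa"] in probes
              and a["sha"] != probes[a["spa"]]):
            findings.append((a["spa"], probes[a["spa"]], a["sha"]))
    return findings

def build(op, sha, spa, tha, tpa, dst):
    h = lambda m: bytes.fromhex(m.replace(":", ""))
    p = lambda i: bytes(int(x) for x in i.split("."))
    return (h(dst) + h(sha) + b"\x08\x06"
            + struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
            + h(sha) + p(spa) + h(tha) + p(tpa))

# Constructed sample (documentation addresses, not from the thread's capture).
VM, GW, ZERO, BCAST = ("00:50:56:aa:bb:cc", "00:00:5e:00:53:01",
                       "00:00:00:00:00:00", "ff:ff:ff:ff:ff:ff")
SAMPLE = [
    build(1, VM, "0.0.0.0", ZERO, "192.0.2.10", BCAST),   # VM probes its own IP
    build(2, GW, "192.0.2.10", VM, "0.0.0.0", VM),        # gateway claims that IP
    build(1, VM, "192.0.2.10", ZERO, "192.0.2.1", BCAST), # ordinary request
    build(2, GW, "192.0.2.1", VM, "192.0.2.10", VM),      # ordinary reply
]
```

Calling `find_conflicting_replies(SAMPLE)` reports only the second frame, where the gateway MAC answers for the address the VM was probing; the ordinary request and reply that follow are not flagged.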
