Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
276
Views
0
Helpful
1
Replies

Question on replacing a firewall and the effect on others on the same LAN?

tmoffett
Cisco Employee
Cisco Employee

‎02-10-2006 03:44 AM - edited ‎03-09-2019 01:53 PM

Hi,

We have a scenario where a pair of PIXes exist, connecting two seperate entities, with outside interfaces on the same subnet.

We replaced one of the PIX firewalls with an ASA and had everything configured correctly, but communications between two entities would not work. I validated that our configuration was working by inserting my PC into the outside LAN and communicating through to the static NATs we had configured. The remote entity was unable to communicate into the side we had swapped out.

Due to time constraints, we rolled back the migration to the old PIX. When we booted it up, it didn't work either.

The resolution was to clear the arp table on the remote (on the same outside interface LAN) PIX.

Is this well known behavior and I just missed it, or is this an anomoly?

In hindsight, I feel as if we could have cleared the remote PIXes ARP cache and the new ASA would have worked.

Remember, the two FWs have the same broadcast domain in common on the outside interfaces.

Thanks in advance for your comments!

Labels:
0 Helpful
1 Reply 1

Patrick Laidlaw
Level 4
Level 4

‎02-10-2006 04:00 PM

Hello,

When replacing equipment it is fairly common to need to clear the arp table. Sometimes you may have to manually change a mac to ip mapping on some routers.

Example an ISP I deal with on a regular bases drops in a router to your site on that router they require to know that mac address's/ip of devices going to be connected to it so they won't be spoofed.

Patrick

0 Helpful
Customers Also Viewed These Support Documents