ISP ARP table shows different MAC addresses.

yemosabi1 · ‎04-07-2011

We have an issue in which some of our public IPs will not work from outside. We have a couple of subnets/29. We allow traffic via access rules and they point to internal servers (nat to nat). So I requested an ARP table from our ISP router. The table shows that the non working IPs have a differect MAC address than the working IPs. Our ISP blames our equipment (CIsco ASA 5510) for this. I spoke to Cisco support. They looked at our configuration, and tested it. They say our configuration is correct and the ISP's equipment is doing it.

IPS	MAC address
..*.5	..4cd8
..*.4	..4cd8
..*.3	..4cd8
..*.2.	..4cd8
..*.204	..4cd8
..*.205	..4cd9

As you can see above, the IP ending in 205 has a different MAC address ending in 4cd9. It should end

in 4cd8. This seems to happened randomly with all IPs. Like if I restart the ASA. Some of the IPs will not work, and will show a different MAC address.We then have to wait a couple of hrs for them to start work again.

Has anybody seen this before?

Richard Burts · ‎04-07-2011

Antonio

I have not seen an issue quite like this. So I can not speak from experience about it. But I wonder if the close relationship between the MAC addresses *.*.4cd8 and *.*.4cd9 indicates that they might come from related interfaces on the same device?

Do you perhaps have contexts configured on your ASA and is it possible that the 205 address is related to a different context?

HTH

Rick

HTH

Rick