arp table randomly wrong

j.house · ‎04-21-2009

I have a test lab that I support that is a flat network that consists of a couple hubs, 2 Cisco 3500XL switches and a PIX 515 firewall. The issue is that everything will work fine for 10-15 minutes and then IP communication between hosts will cease. I was able to pinpoint the issue, just not the cause. In the switch that has the host in question directly connected I checked the arp table.

The table when everything is working is as follows (other extries removed):

Internet 192.168.3.1 10 0002.b35f.da1f ARPA VLAN1

Internet 192,168.3.166 4 OOla.646d.3ece ARPA VLAN1

when not working the arp table is this (other extries removed):

Internet 192.168.3.1 3 0002.b35f.da1f ARPA VLAN1

Internet 192,168.3.166 3 0002.b35f.da1f ARPA VLAN1

192.168.3.1 is the default gateway for the subnet and is the PIX firewall. 192.168.3.166 is a win2k server.

Ideas?

lamav · ‎04-21-2009

Hi:

Turn off proxy arp on the firewall's interface.

sysopt no proxyarp

The firewall is responding to ARPs and your server is sending traffic to it for forwarding. But without an ACL on the firewall's interface, it will block the traffic.

HTH

Victor