jpguillebaud


Cisco PIX 515E firewall produces incorrect ARP responses

We have a CISCO PIX 515E firewall (software version 6.2(2)). Unfortunately, there appears to be an issue with the ARP table. Whenever a server on our network sends a broadcast ARP request to determine the MAC address of another server, the firewall always responds with the MAC address of the firewall, causing the requesting server to receive 2 MAC addresses for the IP address in question. As a result, the requesting server occasionally assigns the incorrect MAC address for that IP address, preventing IP packets from travelling between the two servers.

Do you know if there is likely to be a bug in the firmware for the firewall? And/or is there a way to configure this firewall to ignore any ARP requests? To get around this, we have created static entries in the ARP tables on all the servers.
ASKER CERTIFIED SOLUTION
Les Moore
This solution is only available to members.
jpguillebaud

ASKER

Thank you Genius (you certainly are a genius!). I entered this command into the configuration of the firewall and now whenever I do an ARP request, I only receive the one required MAC address! Am I right in assuming that the firewall can be configured to work as a proxy server and hence it responds to all ARP requests by default?
Not as a proxy server per se, but it has a tendency to answer up ARP for anything within its assigned subnet.
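
The symptom described in this thread (two ARP replies with different MAC addresses for one IP, one of them always the same device) can be confirmed from a packet capture. The script below is an added example, not part of the original thread: it parses the text output of `tcpdump -n -e arp`, and the sample capture, all addresses and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the text format printed by `tcpdump -n -e arp`.
# 00:07:50:ff:00:01 plays the device that answers on behalf of other hosts.
SAMPLE = """\
12:00:01.000100 00:50:56:aa:00:10 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 10.1.1.20 tell 10.1.1.10, length 28
12:00:01.000400 00:50:56:aa:00:20 > 00:50:56:aa:00:10, ethertype ARP (0x0806), length 60: Reply 10.1.1.20 is-at 00:50:56:aa:00:20, length 46
12:00:01.000900 00:07:50:ff:00:01 > 00:50:56:aa:00:10, ethertype ARP (0x0806), length 60: Reply 10.1.1.20 is-at 00:07:50:ff:00:01, length 46
12:00:05.000100 00:50:56:aa:00:10 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 10.1.1.30 tell 10.1.1.10, length 28
12:00:05.000300 00:07:50:ff:00:01 > 00:50:56:aa:00:10, ethertype ARP (0x0806), length 60: Reply 10.1.1.30 is-at 00:07:50:FF:00:01, length 46
12:00:05.000700 00:50:56:aa:00:30 > 00:50:56:aa:00:10, ethertype ARP (0x0806), length 60: Reply 10.1.1.30 is-at 00:50:56:aa:00:30, length 46
12:00:09.000100 00:50:56:aa:00:10 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 10.1.1.40 tell 10.1.1.10, length 28
12:00:09.000500 00:50:56:aa:00:40 > 00:50:56:aa:00:10, ethertype ARP (0x0806), length 60: Reply 10.1.1.40 is-at 00:50:56:aa:00:40, length 46
"""

# Matches the "Reply <ip> is-at <mac>" part of an ARP reply line.
REPLY = re.compile(r"Reply (\d+\.\d+\.\d+\.\d+) is-at ([0-9a-fA-F:]{17})")


def find_conflicts(capture_text):
    """Return {ip: set of MACs} for every IP claimed by more than one MAC."""
    claims = defaultdict(set)
    for line in capture_text.splitlines():
        match = REPLY.search(line)
        if match:
            # Normalise case so the same MAC is not counted twice.
            claims[match.group(1)].add(match.group(2).lower())
    return {ip: macs for ip, macs in claims.items() if len(macs) > 1}


def common_responders(conflicts):
    """Return {mac: set of IPs} for MACs involved in more than one conflict.

    A host answering only for itself shows up in at most one conflict; a
    device answering for other hosts' addresses shows up in several.
    """
    seen = defaultdict(set)
    for ip, macs in conflicts.items():
        for mac in macs:
            seen[mac].add(ip)
    return {mac: ips for mac, ips in seen.items() if len(ips) > 1}


if __name__ == "__main__":
    conflicts = find_conflicts(SAMPLE)
    for ip in sorted(conflicts):
        print(f"{ip} answered by {sorted(conflicts[ip])}")
    for mac, ips in common_responders(conflicts).items():
        print(f"{mac} answers for {sorted(ips)}")
```

Re-running the same check on a fresh capture after a configuration change should return no conflicts if the extra replies have stopped.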