Cisco PIX 515E firewall produces incorrect ARP responses
Posted on 2007-08-01
We have a Cisco PIX 515E firewall (software version 6.2(2)). Unfortunately, there appears to be an issue with the ARP table. Whenever a server on our network sends a broadcast ARP request to determine the MAC address of another server, the firewall always responds with the MAC address of the firewall, causing the requesting server to receive 2 MAC addresses for the IP address in question. As a result, the requesting server occasionally assigns the incorrect MAC address for that IP address, preventing IP packets from travelling between the two servers.
Do you know if there is likely to be a bug in the firmware for the firewall? And/or is there a way to configure this firewall to ignore any ARP requests? To get around this, we have created static entries in the ARP tables on all the servers.
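
One way to confirm the symptom described above from captured frames, as an added example that is not part of the original post: it parses ARP replies, lists every IP address answered by more than one MAC, and picks out a MAC that answers for several hosts. All MAC and IP addresses and the helper names are constructed for illustration.

```python
import struct
from collections import defaultdict

ARP_REPLY = 2

def build_reply(sender_mac, sender_ip, target_mac, target_ip):
    """Build an Ethernet + ARP reply frame (used only to make sample data)."""
    mac = lambda m: bytes.fromhex(m.replace(":", ""))
    ip = lambda a: bytes(int(o) for o in a.split("."))
    eth = mac(target_mac) + mac(sender_mac) + b"\x08\x06"
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, ARP_REPLY)
    return eth + arp + mac(sender_mac) + ip(sender_ip) + mac(target_mac) + ip(target_ip)

def parse_reply(frame):
    """Return (sender_ip, sender_mac) for an IPv4/Ethernet ARP reply, else None."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":
        return None  # too short, or EtherType is not ARP
    htype, ptype, hlen, plen, oper = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen, oper) != (1, 0x0800, 6, 4, ARP_REPLY):
        return None
    sha, spa = frame[22:28], frame[28:32]
    return ".".join(map(str, spa)), ":".join(f"{b:02x}" for b in sha)

def find_conflicts(frames):
    """Map each IP that was answered by more than one MAC to its sorted MACs."""
    seen = defaultdict(set)
    for frame in frames:
        parsed = parse_reply(frame)
        if parsed:
            seen[parsed[0]].add(parsed[1])
    return {ip: sorted(macs) for ip, macs in seen.items() if len(macs) > 1}

def shared_responders(conflicts):
    """MACs involved in conflicts for two or more IPs (one device answering for others)."""
    count = defaultdict(int)
    for macs in conflicts.values():
        for m in macs:
            count[m] += 1
    return sorted(m for m, n in count.items() if n >= 2)

# Constructed capture: FW answers for .20 and .30 alongside the real hosts.
FW, ASKER = "00:11:22:aa:bb:01", "00:11:22:00:00:10"
SAMPLE = [
    build_reply("00:11:22:00:00:20", "10.0.0.20", ASKER, "10.0.0.10"),
    build_reply(FW, "10.0.0.20", ASKER, "10.0.0.10"),
    build_reply("00:11:22:00:00:30", "10.0.0.30", ASKER, "10.0.0.10"),
    build_reply(FW, "10.0.0.30", ASKER, "10.0.0.10"),
    build_reply("00:11:22:00:00:40", "10.0.0.40", ASKER, "10.0.0.10"),
]
```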