Solved

ASA 5510

Posted on 2010-09-17
15
1,660 Views
Last Modified: 2012-05-10
receiving a lot of collions errors on the Asa 5510 Was wondering if any one had a clue as to how to clear them up or what could be causing them. because of it the router is dropping packets because we losing connects for 3-10 seconds at a time.
below is the error

%ASA-4-405001: Received ARP response collision from 10.2.1.1/b8ac.6f7e.bdef on i
nterface inside
%ASA-4-405001: Received ARP response collision from 10.2.1.1/b8ac.6f7d.f7d4 on i
nterface inside
%ASA-4-405001: Received ARP response collision from 10.2.1.1/b8ac.6f7e.bdef on i
nterface inside
%ASA-4-405001: Received ARP response collision from 10.2.1.1/b8ac.6f7d.f7d4 on i
nterface inside
<--- More --->
0
Comment
Question by:bmic
15 Comments
 
LVL 2

Expert Comment

by:joseleonardo
Comment Utility
Cisco says;


405001
Error Message %PIX|ASA-4-405001: Received ARP {request | response} collision from
IP_address/MAC_address on interface interface_name

Explanation The security appliance received an ARP packet, and the MAC address in the packet differs from the ARP cache entry.

Recommended Action This traffic might be legitimate, or it might indicate that an ARP poisoning attack is in progress. Check the source MAC address to determine where the packets are coming from and check to see if it belongs to a valid host.



please refer Cisco system log messages:

http://www.cisco.com/univercd/cc/td/doc/pr...s.htm#wp1282234
0
 
LVL 3

Expert Comment

by:saL1Las
Comment Utility
Do a show interfaces and look at the status of the link.

This looks like a duplex mismatch between the interface you named "inside" and the other device to which you connected - a switch maybe?

Typically happens due to bad cabling or misconfigured ports (e.g. not autoneg)
0
 

Author Comment

by:bmic
Comment Utility
Thanks i will check into these option and get back to you....
0
 
LVL 3

Expert Comment

by:gorhon
Comment Utility
Please check, if you use other fw on the same network, and same nat cisco and other fw.
0
 
LVL 6

Expert Comment

by:kuoh
Comment Utility
Is 10.2.1.1 the IP of a PC, router, switch or inside IP of the ASA?  Looking at the MACs, it looks like 2 Dell machines are assigned with 10.2.1.1.

10.2.1.1/b8ac.6f7e.bdef
10.2.1.1/b8ac.6f7d.f7d4

http://www.coffer.com/mac_find/?string=b8ac.6f7e.bdef
0
 

Author Comment

by:bmic
Comment Utility
10.2.1.1 is the inside ip address of the asa
0
 
LVL 6

Expert Comment

by:kuoh
Comment Utility
That would explain the loss of connectivity.  Unless you're being attacked internally, look for at least 2 misconfigured Dell PCs or network devices with the MAC addresses indicated in the log.
0
IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 

Author Comment

by:bmic
Comment Utility
the two mac address belong to the voice mail server and the ixport server that work with the phone system. and they are configured to be on the same network.
0
 
LVL 6

Expert Comment

by:kuoh
Comment Utility
But did you check the IP addresses that they're configured with?  If you don't have admin rights on them, then can you temporarily disconnect them?  Alternatively, you can try changing the ASA's inside IP, but that may involve more work depending on what's providing DHCP and how many devices you have on the network that have statically assigned IPs.  Something(s) are fighting with your ASA for 10.2.1.1 and when the ASA loses, your users lose internet connectivity.
0
 

Author Comment

by:bmic
Comment Utility
yes i understand and i have remoted to each of the machines and check the ip address config, disable the additional nic cards and turned off ipv6 and still the same error pops up in the router log. i did an Arp -a on the servers and according to the output info from the arp -a request the 10.2.10.6 and 7 are associated with the two Mac addresses. And those are the two servers that i checked for correct setting.
0
 
LVL 6

Expert Comment

by:kuoh
Comment Utility
Then your next step might be to physically disconnect the 2 servers temporarily and see if the ARP collisions continue to occur.  If so, then you've got something else on the network spoofing those MAC addresses.
0
 

Author Comment

by:bmic
Comment Utility
ok but can't do that until tomorrow out of town for the weekend. So i will give that a try tomorrow and get back to you thanks......
0
 
LVL 5

Expert Comment

by:shubhanshu_jaiswal
Comment Utility
It means that the ASA sees that the same MAC address responds to multiple ARP replies. This is normal when you have a host that has multiple IP addresses on the same ethernet card.

0
 

Author Comment

by:bmic
Comment Utility
The MAC address are different one is 7d and the other is 7e. There is only one nic per server enabled and the other nic are disabled. Also the ipv6 is disable on the in use nic.
0
 

Accepted Solution

by:
bmic earned 0 total points
Comment Utility
thank for all the help but I got the problem resolved. the problem was a couple of end users had there phone plugged into the wall twice thus creating a loop. We when through every room and after we corrected that the packet lost was resolved. Again thanks for all your help
0

Featured Post

What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

Problem Description:   Couple of months ago we upgraded the ADSL line at our branch office from Home to Business line. The purpose of transforming the service to have static public IP’s. We were in need for public IP’s to publish our web resour…
Quality of Service (QoS) options are nearly endless when it comes to networks today. This article is merely one example of how it can be handled in a hub-n-spoke design using a 3-tier configuration.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now