Solved

ASA 5510

Posted on 2010-09-17
15
1,697 Views
Last Modified: 2012-05-10
receiving a lot of collions errors on the Asa 5510 Was wondering if any one had a clue as to how to clear them up or what could be causing them. because of it the router is dropping packets because we losing connects for 3-10 seconds at a time.
below is the error

%ASA-4-405001: Received ARP response collision from 10.2.1.1/b8ac.6f7e.bdef on i
nterface inside
%ASA-4-405001: Received ARP response collision from 10.2.1.1/b8ac.6f7d.f7d4 on i
nterface inside
%ASA-4-405001: Received ARP response collision from 10.2.1.1/b8ac.6f7e.bdef on i
nterface inside
%ASA-4-405001: Received ARP response collision from 10.2.1.1/b8ac.6f7d.f7d4 on i
nterface inside
<--- More --->
0
Comment
Question by:bmic
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
15 Comments
 
LVL 2

Expert Comment

by:joseleonardo
ID: 33706796
Cisco says;


405001
Error Message %PIX|ASA-4-405001: Received ARP {request | response} collision from
IP_address/MAC_address on interface interface_name

Explanation The security appliance received an ARP packet, and the MAC address in the packet differs from the ARP cache entry.

Recommended Action This traffic might be legitimate, or it might indicate that an ARP poisoning attack is in progress. Check the source MAC address to determine where the packets are coming from and check to see if it belongs to a valid host.



please refer Cisco system log messages:

http://www.cisco.com/univercd/cc/td/doc/pr...s.htm#wp1282234
0
 
LVL 3

Expert Comment

by:saL1Las
ID: 33706802
Do a show interfaces and look at the status of the link.

This looks like a duplex mismatch between the interface you named "inside" and the other device to which you connected - a switch maybe?

Typically happens due to bad cabling or misconfigured ports (e.g. not autoneg)
0
 

Author Comment

by:bmic
ID: 33706815
Thanks i will check into these option and get back to you....
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 3

Expert Comment

by:gorhon
ID: 33707416
Please check, if you use other fw on the same network, and same nat cisco and other fw.
0
 
LVL 6

Expert Comment

by:kuoh
ID: 33709203
Is 10.2.1.1 the IP of a PC, router, switch or inside IP of the ASA?  Looking at the MACs, it looks like 2 Dell machines are assigned with 10.2.1.1.

10.2.1.1/b8ac.6f7e.bdef
10.2.1.1/b8ac.6f7d.f7d4

http://www.coffer.com/mac_find/?string=b8ac.6f7e.bdef
0
 

Author Comment

by:bmic
ID: 33709663
10.2.1.1 is the inside ip address of the asa
0
 
LVL 6

Expert Comment

by:kuoh
ID: 33709717
That would explain the loss of connectivity.  Unless you're being attacked internally, look for at least 2 misconfigured Dell PCs or network devices with the MAC addresses indicated in the log.
0
 

Author Comment

by:bmic
ID: 33712721
the two mac address belong to the voice mail server and the ixport server that work with the phone system. and they are configured to be on the same network.
0
 
LVL 6

Expert Comment

by:kuoh
ID: 33712781
But did you check the IP addresses that they're configured with?  If you don't have admin rights on them, then can you temporarily disconnect them?  Alternatively, you can try changing the ASA's inside IP, but that may involve more work depending on what's providing DHCP and how many devices you have on the network that have statically assigned IPs.  Something(s) are fighting with your ASA for 10.2.1.1 and when the ASA loses, your users lose internet connectivity.
0
 

Author Comment

by:bmic
ID: 33712894
yes i understand and i have remoted to each of the machines and check the ip address config, disable the additional nic cards and turned off ipv6 and still the same error pops up in the router log. i did an Arp -a on the servers and according to the output info from the arp -a request the 10.2.10.6 and 7 are associated with the two Mac addresses. And those are the two servers that i checked for correct setting.
0
 
LVL 6

Expert Comment

by:kuoh
ID: 33713026
Then your next step might be to physically disconnect the 2 servers temporarily and see if the ARP collisions continue to occur.  If so, then you've got something else on the network spoofing those MAC addresses.
0
 

Author Comment

by:bmic
ID: 33713057
ok but can't do that until tomorrow out of town for the weekend. So i will give that a try tomorrow and get back to you thanks......
0
 
LVL 5

Expert Comment

by:shubhanshu_jaiswal
ID: 33713981
It means that the ASA sees that the same MAC address responds to multiple ARP replies. This is normal when you have a host that has multiple IP addresses on the same ethernet card.

0
 

Author Comment

by:bmic
ID: 33714140
The MAC address are different one is 7d and the other is 7e. There is only one nic per server enabled and the other nic are disabled. Also the ipv6 is disable on the in use nic.
0
 

Accepted Solution

by:
bmic earned 0 total points
ID: 33771637
thank for all the help but I got the problem resolved. the problem was a couple of end users had there phone plugged into the wall twice thus creating a loop. We when through every room and after we corrected that the packet lost was resolved. Again thanks for all your help
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I recently attended Cisco Live! in Las Vegas, a conference that boasted over 28,000 techies in attendance, and a week of hands-on learning hosted by a solid partner with which Concerto goes to market.  Every year, Cisco displays cutting-edge technol…
Many of the companies I’ve worked with have embraced cloud solutions due to their desire to “get out of the datacenter business.” The ability to achieve better security and availability, and the speed with which they are able to deploy, is far grea…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…

740 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question