Solved

ASA 5510

Posted on 2010-09-17
15
1,681 Views
Last Modified: 2012-05-10
receiving a lot of collions errors on the Asa 5510 Was wondering if any one had a clue as to how to clear them up or what could be causing them. because of it the router is dropping packets because we losing connects for 3-10 seconds at a time.
below is the error

%ASA-4-405001: Received ARP response collision from 10.2.1.1/b8ac.6f7e.bdef on i
nterface inside
%ASA-4-405001: Received ARP response collision from 10.2.1.1/b8ac.6f7d.f7d4 on i
nterface inside
%ASA-4-405001: Received ARP response collision from 10.2.1.1/b8ac.6f7e.bdef on i
nterface inside
%ASA-4-405001: Received ARP response collision from 10.2.1.1/b8ac.6f7d.f7d4 on i
nterface inside
<--- More --->
0
Comment
Question by:bmic
15 Comments
 
LVL 2

Expert Comment

by:joseleonardo
ID: 33706796
Cisco says;


405001
Error Message %PIX|ASA-4-405001: Received ARP {request | response} collision from
IP_address/MAC_address on interface interface_name

Explanation The security appliance received an ARP packet, and the MAC address in the packet differs from the ARP cache entry.

Recommended Action This traffic might be legitimate, or it might indicate that an ARP poisoning attack is in progress. Check the source MAC address to determine where the packets are coming from and check to see if it belongs to a valid host.



please refer Cisco system log messages:

http://www.cisco.com/univercd/cc/td/doc/pr...s.htm#wp1282234
0
 
LVL 3

Expert Comment

by:saL1Las
ID: 33706802
Do a show interfaces and look at the status of the link.

This looks like a duplex mismatch between the interface you named "inside" and the other device to which you connected - a switch maybe?

Typically happens due to bad cabling or misconfigured ports (e.g. not autoneg)
0
 

Author Comment

by:bmic
ID: 33706815
Thanks i will check into these option and get back to you....
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 3

Expert Comment

by:gorhon
ID: 33707416
Please check, if you use other fw on the same network, and same nat cisco and other fw.
0
 
LVL 6

Expert Comment

by:kuoh
ID: 33709203
Is 10.2.1.1 the IP of a PC, router, switch or inside IP of the ASA?  Looking at the MACs, it looks like 2 Dell machines are assigned with 10.2.1.1.

10.2.1.1/b8ac.6f7e.bdef
10.2.1.1/b8ac.6f7d.f7d4

http://www.coffer.com/mac_find/?string=b8ac.6f7e.bdef
0
 

Author Comment

by:bmic
ID: 33709663
10.2.1.1 is the inside ip address of the asa
0
 
LVL 6

Expert Comment

by:kuoh
ID: 33709717
That would explain the loss of connectivity.  Unless you're being attacked internally, look for at least 2 misconfigured Dell PCs or network devices with the MAC addresses indicated in the log.
0
 

Author Comment

by:bmic
ID: 33712721
the two mac address belong to the voice mail server and the ixport server that work with the phone system. and they are configured to be on the same network.
0
 
LVL 6

Expert Comment

by:kuoh
ID: 33712781
But did you check the IP addresses that they're configured with?  If you don't have admin rights on them, then can you temporarily disconnect them?  Alternatively, you can try changing the ASA's inside IP, but that may involve more work depending on what's providing DHCP and how many devices you have on the network that have statically assigned IPs.  Something(s) are fighting with your ASA for 10.2.1.1 and when the ASA loses, your users lose internet connectivity.
0
 

Author Comment

by:bmic
ID: 33712894
yes i understand and i have remoted to each of the machines and check the ip address config, disable the additional nic cards and turned off ipv6 and still the same error pops up in the router log. i did an Arp -a on the servers and according to the output info from the arp -a request the 10.2.10.6 and 7 are associated with the two Mac addresses. And those are the two servers that i checked for correct setting.
0
 
LVL 6

Expert Comment

by:kuoh
ID: 33713026
Then your next step might be to physically disconnect the 2 servers temporarily and see if the ARP collisions continue to occur.  If so, then you've got something else on the network spoofing those MAC addresses.
0
 

Author Comment

by:bmic
ID: 33713057
ok but can't do that until tomorrow out of town for the weekend. So i will give that a try tomorrow and get back to you thanks......
0
 
LVL 5

Expert Comment

by:shubhanshu_jaiswal
ID: 33713981
It means that the ASA sees that the same MAC address responds to multiple ARP replies. This is normal when you have a host that has multiple IP addresses on the same ethernet card.

0
 

Author Comment

by:bmic
ID: 33714140
The MAC address are different one is 7d and the other is 7e. There is only one nic per server enabled and the other nic are disabled. Also the ipv6 is disable on the in use nic.
0
 

Accepted Solution

by:
bmic earned 0 total points
ID: 33771637
thank for all the help but I got the problem resolved. the problem was a couple of end users had there phone plugged into the wall twice thus creating a loop. We when through every room and after we corrected that the packet lost was resolved. Again thanks for all your help
0

Featured Post

VMware Disaster Recovery and Data Protection

In this expert guide, you’ll learn about the components of a Modern Data Center. You will use cases for the value-added capabilities of Veeam®, including combining backup and replication for VMware disaster recovery and using replication for data center migration.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

There are two basic ways to configure a static route for Cisco IOS devices. I've written this article to highlight a case study comparing the configuration of a static route using the next-hop IP and the configuration of a static route using an outg…
This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …

808 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question