ASA 5510

Receiving a lot of collision errors on the ASA 5510. Was wondering if anyone had a clue as to how to clear them up or what could be causing them. Because of it the router is dropping packets, because we are losing connections for 3-10 seconds at a time.
Below is the error:

%ASA-4-405001: Received ARP response collision from 10.2.1.1/b8ac.6f7e.bdef on interface inside
%ASA-4-405001: Received ARP response collision from 10.2.1.1/b8ac.6f7d.f7d4 on interface inside
%ASA-4-405001: Received ARP response collision from 10.2.1.1/b8ac.6f7e.bdef on interface inside
%ASA-4-405001: Received ARP response collision from 10.2.1.1/b8ac.6f7d.f7d4 on interface inside
<--- More --->
bmic Asked:
 
bmic Author Commented:
Thanks for all the help, but I got the problem resolved. The problem was that a couple of end users had their phone plugged into the wall twice, thus creating a loop. We went through every room, and after we corrected that, the packet loss was resolved. Again, thanks for all your help.
0
 
joseleonardo Commented:
Cisco says:

405001
Error Message: %PIX|ASA-4-405001: Received ARP {request | response} collision from IP_address/MAC_address on interface interface_name

Explanation: The security appliance received an ARP packet, and the MAC address in the packet differs from the ARP cache entry.

Recommended Action: This traffic might be legitimate, or it might indicate that an ARP poisoning attack is in progress. Check the source MAC address to determine where the packets are coming from and check to see if it belongs to a valid host.

Please refer to the Cisco system log messages:

http://www.cisco.com/univercd/cc/td/doc/pr...s.htm#wp1282234
0
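
Added example (not part of the thread or of Cisco's documentation): a Python parser for the 405001 message format quoted above that rejoins console lines wrapped at 80 columns and groups the colliding MAC addresses per interface and IP, flagging when the contested IP is one of the firewall's own. The function names and the `own_ips` parameter are assumptions of this example.

```python
import re
from collections import defaultdict

# Template from the Cisco text quoted above:
# %PIX|ASA-4-405001: Received ARP {request | response} collision from IP/MAC on interface NAME
MSG = re.compile(
    r"%(?:PIX|ASA)-4-405001: Received ARP (?:request|response) collision from "
    r"(\d{1,3}(?:\.\d{1,3}){3})/((?:[0-9a-f]{4}\.){2}[0-9a-f]{4}) on interface (\S+)",
    re.IGNORECASE,
)

# The four log lines from the question, rebuilt as an 80-column console paste.
SAMPLE = "".join(
    f"%ASA-4-405001: Received ARP response collision from 10.2.1.1/{mac} on i\n"
    "nterface inside\n"
    for mac in ("b8ac.6f7e.bdef", "b8ac.6f7d.f7d4") * 2
)

def unwrap(text, width=80):
    """Rejoin lines that a terminal cut at exactly `width` columns."""
    out, carry = [], ""
    for line in text.splitlines():
        carry += line
        if len(line) < width:      # a short line ends the logical message
            out.append(carry)
            carry = ""
    if carry:
        out.append(carry)
    return out

def summarize(text, own_ips=()):
    """Group collisions by (interface, IP) and count each claiming MAC."""
    seen = defaultdict(lambda: defaultdict(int))
    for line in unwrap(text):
        m = MSG.search(line)
        if m:
            ip, mac, iface = m.groups()
            seen[(iface, ip)][mac.lower()] += 1
    return [
        {
            "interface": iface,
            "ip": ip,
            "macs": dict(macs),
            "ouis": sorted({mac[:7] for mac in macs}),  # vendor prefix, e.g. b8ac.6f
            "is_firewall_ip": ip in own_ips,            # the appliance's own address is contested
        }
        for (iface, ip), macs in sorted(seen.items())
    ]

if __name__ == "__main__":
    for finding in summarize(SAMPLE, own_ips={"10.2.1.1"}):
        print(finding)
```
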
 
saL1Las Commented:
Do a show interfaces and look at the status of the link.

This looks like a duplex mismatch between the interface you named "inside" and the other device to which you connected - a switch maybe?

Typically happens due to bad cabling or misconfigured ports (e.g. not autoneg)
0
 
bmic Author Commented:
Thanks, I will check into these options and get back to you.
0
 
gorhon Commented:
Please check if you use another fw on the same network, and the same NAT on the Cisco and the other fw.
0
 
kuoh Commented:
Is 10.2.1.1 the IP of a PC, router, switch or inside IP of the ASA?  Looking at the MACs, it looks like 2 Dell machines are assigned with 10.2.1.1.

10.2.1.1/b8ac.6f7e.bdef
10.2.1.1/b8ac.6f7d.f7d4

http://www.coffer.com/mac_find/?string=b8ac.6f7e.bdef
0
 
bmic Author Commented:
10.2.1.1 is the inside IP address of the ASA.
0
 
kuoh Commented:
That would explain the loss of connectivity.  Unless you're being attacked internally, look for at least 2 misconfigured Dell PCs or network devices with the MAC addresses indicated in the log.
0
 
bmic Author Commented:
The two MAC addresses belong to the voice mail server and the ixport server that work with the phone system, and they are configured to be on the same network.
0
 
kuoh Commented:
But did you check the IP addresses that they're configured with?  If you don't have admin rights on them, then can you temporarily disconnect them?  Alternatively, you can try changing the ASA's inside IP, but that may involve more work depending on what's providing DHCP and how many devices you have on the network that have statically assigned IPs.  Something(s) are fighting with your ASA for 10.2.1.1 and when the ASA loses, your users lose internet connectivity.
0
 
bmic Author Commented:
Yes, I understand, and I have remoted to each of the machines and checked the IP address config, disabled the additional NIC cards and turned off IPv6, and still the same error pops up in the router log. I did an arp -a on the servers, and according to the output from the arp -a request, 10.2.10.6 and 7 are associated with the two MAC addresses. And those are the two servers that I checked for correct settings.
0
 
kuoh Commented:
Then your next step might be to physically disconnect the 2 servers temporarily and see if the ARP collisions continue to occur.  If so, then you've got something else on the network spoofing those MAC addresses.
0
 
bmic Author Commented:
OK, but I can't do that until tomorrow; out of town for the weekend. So I will give that a try tomorrow and get back to you. Thanks.
0
 
shubhanshu_jaiswal Commented:
It means that the ASA sees that the same MAC address responds to multiple ARP replies. This is normal when you have a host that has multiple IP addresses on the same Ethernet card.

0
 
bmic Author Commented:
The MAC addresses are different: one is 7d and the other is 7e. There is only one NIC per server enabled and the other NICs are disabled. Also, IPv6 is disabled on the in-use NIC.
0
Question has a verified solution.
