I'm having a bit of a challenge with my two ASAs.
My setup is as follows:
(example IPs, obviously)
WAN SWITCH Gi0/1 22.214.171.124/24 > Cisco ASA1 5512x Gig0/0 126.96.36.199/24
WAN SWITCH Gi0/2 188.8.131.52/24 > Cisco ASA2 5510 Gig0/0 184.108.40.206/24
On ASA 1 I've got several 1-to-1 NAT rules, so I use from 220.127.116.11 to 18.104.22.168.
On ASA 2 I've got only a couple of 1-to-1 rules; I use IPs 22.214.171.124 to 126.96.36.199.
All this has been working fine for a long time, but yesterday I ran into a problem.
Installed a new server behind ASA 1 on if dmz-admin 188.8.131.52/24; server: 184.108.40.206/24.
Did the following:
nat (dmz-admin,outside) static 220.127.116.11
This should be enough, and the same setup works for several servers on my (nameif) dmz-admin interface.
Of course, the firewall rules are in place, same as the other servers.
What I then discovered was, when I do a show arp on ASA1, I see the 18.104.22.168 address with the MAC address of the outside interface on ASA2.
I've never used addresses below 22.214.171.124 on my ASA2, and today I only use three.
Does anybody have any idea how this works? I can't see any reason why ASA2 would tell anyone it has 126.96.36.199, and it doesn't show up in any other MAC address table or ARP table on that subnet.
I've never actually done a traffic dump on the WAN interface, because of the intense traffic, but I expect it works as follows:
1: Request for 188.8.131.52 enters my ISP's switch.
2: ISP switch sends ARP.
3: ASA with 184.108.40.206 replies.
Or is it something I've missed?
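The situation in the post, an address from one ASA's static-NAT range showing up in the ARP table with the other ASA's outside MAC, is the kind of thing worth checking for mechanically on a shared WAN segment rather than spotting by eye. The script below is an added example, not code from the original post or from Cisco: it parses the ASA `show arp` line layout (assumed here to be `<interface> <ip> <mac> <age>`), takes a declared list of which outside MAC is supposed to answer for which NAT range, and flags every entry whose address falls in a declared range but was learned from a different MAC. All addresses, MACs and the sample `show arp` output are constructed for the example.

```python
"""Flag NAT-range ownership conflicts in Cisco ASA 'show arp' output.

Hypothetical helper (not from the original post). It assumes the ASA
'show arp' line layout '<interface> <ip> <mac> <age>' and takes a list of
declared owners: which outside MAC is expected to answer ARP for which
static-NAT address range.
"""
import ipaddress
import re

# One ASA 'show arp' line: interface, IPv4 address, dotted-hex MAC, age (assumed layout).
ARP_LINE = re.compile(
    r"^\s*(?P<ifname>\S+)\s+(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+"
    r"(?P<mac>[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})\s+(?P<age>\d+|-)\s*$",
    re.IGNORECASE,
)

# Declared ownership: which ASA's outside MAC should answer for which static-NAT range.
# Constructed sample values (RFC 5737 documentation addresses, made-up MACs).
OWNERS = [
    {"label": "ASA1", "mac": "0011.2233.aaaa", "first": "203.0.113.10", "last": "203.0.113.40"},
    {"label": "ASA2", "mac": "0011.2233.bbbb", "first": "203.0.113.50", "last": "203.0.113.60"},
]

# Constructed 'show arp' output as ASA1 might display it: the ISP gateway, an
# address ASA2 legitimately owns, an address from ASA1's own range learned from
# ASA2's MAC (the conflict), and an inside host on dmz-admin.
SAMPLE_SHOW_ARP = """\
        outside 203.0.113.1 0000.5e00.0101 3
        outside 203.0.113.55 0011.2233.bbbb 120
        outside 203.0.113.25 0011.2233.bbbb 45
        dmz-admin 10.10.10.20 0050.56aa.bbcc 10
"""


def parse_show_arp(text):
    """Return a list of {ifname, ip, mac, age} dicts, skipping lines that do not match."""
    entries = []
    for line in text.splitlines():
        m = ARP_LINE.match(line)
        if m:
            d = m.groupdict()
            d["mac"] = d["mac"].lower()
            entries.append(d)
    return entries


def _owner_of(ip, owners):
    """Return the owner record whose declared range contains ip, or None."""
    addr = int(ipaddress.ip_address(ip))
    for o in owners:
        first = int(ipaddress.ip_address(o["first"]))
        last = int(ipaddress.ip_address(o["last"]))
        if first <= addr <= last:
            return o
    return None


def find_conflicts(entries, owners):
    """Return ARP entries whose IP lies in a declared NAT range but whose MAC
    belongs to a different declared owner (or to no declared owner at all)."""
    mac_to_label = {o["mac"].lower(): o["label"] for o in owners}
    conflicts = []
    for e in entries:
        expected = _owner_of(e["ip"], owners)
        if expected is None:
            continue  # not in any range we declared (e.g. the ISP gateway, inside hosts)
        if e["mac"] == expected["mac"].lower():
            continue  # answered by the ASA that is supposed to own it
        conflicts.append({
            "ip": e["ip"],
            "mac": e["mac"],
            "ifname": e["ifname"],
            "expected_owner": expected["label"],
            "seen_owner": mac_to_label.get(e["mac"], "unknown"),
        })
    return conflicts


def report(text, owners=OWNERS):
    """Human-readable line per conflict, suitable for a cron job or a monitoring check."""
    return [
        f"{c['ifname']}: {c['ip']} expected from {c['expected_owner']} "
        f"but learned from {c['seen_owner']} ({c['mac']})"
        for c in find_conflicts(parse_show_arp(text), owners)
    ]


if __name__ == "__main__":
    for line in report(SAMPLE_SHOW_ARP):
        print(line)
```

Feeding it the real `show arp` output from each ASA (and the declared ranges from the actual NAT configuration) turns the one-off observation into a repeatable check; the same ownership list can be reused against an ARP table pulled from the WAN switch, which is where a stray proxy-ARP answer would also be visible.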