I'm having a bit of a challenge with my two ASAs.
My setup is as follows:
(example IPs, obviously)
WAN SWITCH Gi0/1 126.96.36.199/24 > Cisco ASA1 5512x Gig0/0 188.8.131.52/24
WAN SWITCH Gi0/2 184.108.40.206/24 > Cisco ASA2 5510 Gig0/0 220.127.116.11/24
On ASA1 I've got several 1-to-1 NAT rules, so I use from 18.104.22.168 to 22.214.171.124.
On ASA2 I've got only a couple of 1-to-1 rules; I use IPs 126.96.36.199 to 188.8.131.52.
All this has been working fine for a long time, but yesterday I ran into a problem.
Installed a new server behind ASA1 on if dmz-admin 184.108.40.206/24, server: 220.127.116.11/24.
I did the following:
nat (dmz-admin,outside) static 18.104.22.168
This should be enough, and the same setup works for several servers on my (nameif) dmz-admin interface.
Of course, the firewall rules are in place, same as the other servers.
What I then discovered was, when I do a show arp on ASA1, I see the 22.214.171.124 address with the MAC address of the outside IF on ASA2.
I've never used addresses below 126.96.36.199 on my ASA2, and today I only use three.
Does anybody have any idea how this works? I can't see any reason why ASA2 would tell anyone it has 188.8.131.52, and it doesn't show up in any other mac-address-table or ARP table on that subnet.
I've never actually done a traffic dump on the WAN interface, because of intense traffic, but I expect it works as follows:
1: Request for 184.108.40.206 enters my ISP's switch.
2: ISP switch sends ARP.
3: ASA with 220.127.116.11 replies.
Or is it something I've missed?
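The symptom in the post is an address from one firewall's NAT range showing up in "show arp" with the other firewall's outside MAC. The script below is an added example (not the poster's code or anything from Cisco): it parses "show arp" text and flags any public address that is answered by a MAC other than the device expected to own it. It assumes a column layout of interface, IP, MAC, age; the sample output, the MAC values and the ownership map (which firewall owns which block of 1-to-1 addresses) are constructed with RFC 5737 documentation addresses, not the poster's.

```python
import re
from ipaddress import ip_address, ip_network
from typing import Dict, List, Optional

# Constructed "show arp" sample (documentation addresses, not the poster's).
# Assumed column layout: interface, IP, MAC, age.
SAMPLE_SHOW_ARP = """\
        outside 203.0.113.1 0011.2233.4455 12
        outside 203.0.113.20 aaaa.bbbb.0002 3
        outside 203.0.113.21 aaaa.bbbb.0002 7
        outside 203.0.113.40 aaaa.bbbb.0002 9
        dmz-admin 192.0.2.10 cccc.dddd.0010 5
"""

# Hypothetical ownership map: the outside MAC of each firewall and the public
# block (interface address plus its 1-to-1 NAT pool) it is supposed to answer for.
EXPECTED_OWNER: Dict[str, dict] = {
    "asa1": {"mac": "aaaa.bbbb.0001", "ranges": [ip_network("203.0.113.16/28")]},  # .16-.31
    "asa2": {"mac": "aaaa.bbbb.0002", "ranges": [ip_network("203.0.113.32/28")]},  # .32-.47
}

ARP_LINE = re.compile(
    r"^\s*(?P<ifc>\S+)\s+(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+"
    r"(?P<mac>[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})\s+(?P<age>\d+|-)\s*$",
    re.IGNORECASE,
)


def parse_show_arp(text: str) -> List[dict]:
    """Turn show-arp text into a list of dicts; lines that do not match are ignored."""
    entries = []
    for line in text.splitlines():
        m = ARP_LINE.match(line)
        if m:
            entries.append({"interface": m["ifc"], "ip": m["ip"], "mac": m["mac"].lower()})
    return entries


def owner_of(ip: str, expected: Dict[str, dict]) -> Optional[str]:
    """Name of the device that should answer for ip, or None if the address is unassigned."""
    addr = ip_address(ip)
    for name, info in expected.items():
        if any(addr in net for net in info["ranges"]):
            return name
    return None


def find_arp_conflicts(entries: List[dict], expected: Dict[str, dict],
                       interface: str = "outside") -> List[dict]:
    """ARP entries on `interface` whose MAC is not the expected owner's MAC."""
    mac_to_name = {info["mac"].lower(): name for name, info in expected.items()}
    conflicts = []
    for e in entries:
        if e["interface"] != interface:
            continue
        expected_owner = owner_of(e["ip"], expected)
        if expected_owner is None:
            continue  # e.g. the ISP gateway: nothing to compare against
        if e["mac"] != expected[expected_owner]["mac"].lower():
            conflicts.append({
                "ip": e["ip"],
                "seen_mac": e["mac"],
                "expected_owner": expected_owner,
                "actual_owner": mac_to_name.get(e["mac"], "unknown"),
            })
    return conflicts


if __name__ == "__main__":
    for c in find_arp_conflicts(parse_show_arp(SAMPLE_SHOW_ARP), EXPECTED_OWNER):
        print(f"{c['ip']} answered by {c['actual_owner']} ({c['seen_mac']}), "
              f"expected {c['expected_owner']}")
```

Run against a real "show arp" capture, the ownership map is the part to fill in from your own NAT configuration; any address the script reports is one where a second device is answering ARP for a block it should not own, which is the first thing to confirm before looking at the NAT statements on that device.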