Re: Very Strange ARP problem

From: Farrukh Haroon (farrukhharoon@gmail.com)
Date: Tue Oct 07 2008 - 16:00:56 ART


Most probably this is happening because you configured a static (x,outside)
statement on the ASA for the server. The ASA will respond with its own mac
address for all 'mapped IP addresses' configured in static commands.

Regards

Farrukh

On Tue, Oct 7, 2008 at 9:49 PM, Tim <ccie2be@nyc.rr.com> wrote:

> Hi Guys,
>
> I'm doing IE security lab 1
>
> I have 3 devices on the same vlan:
>
> The private int of a VPN 3005. (ip address 183.1.100.11/24, mac addr
> 00.03.A0.88.D6.24)
>
> The outside int of ASA (ip address 183.1.100.12/24, mac addr
> 001f.9c98.16ae)
>
> And a Win Server (ip address 183.1.100.100/24, mac addr
> 0002.a58a.65e6)
>
> When the outside int of the ASA is up, I can't browse from the Win Server
> to the private int of the VPN 3000.
>
> But, after I shut down the outside int of the ASA, there's no problem.
> And, after a bit the arp table on the Win Server is correct.
>
> Then, if I re-enable the outside int of the ASA, the ARP table on the Win
> Server becomes corrupted showing the same Mac address (the MAC address of
> the ASA's outside int) for both the Win Server and the outside int of the
> ASA.
>
> So, it seems like the ASA is responding to ARP requests for 183.1.100.11
> with its own mac address.
>
> Has anybody ever seen this behavior before or know why this is happening?
>
> And, how can I make it stop doing that.
>
> Thanks, Tim
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
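
An added example, not part of the original thread: a Python check that parses Windows `arp -a` output and flags the symptom discussed above, where more than one IP resolves to a single MAC or an IP resolves to a MAC other than the expected one. The `arp -a` sample is constructed, the inventory uses the addresses listed in the thread, and all function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample of Windows `arp -a` output reproducing the symptom.
SAMPLE_ARP_A = """\
Interface: 183.1.100.100 --- 0x2
  Internet Address      Physical Address      Type
  183.1.100.11          00-1f-9c-98-16-ae     dynamic
  183.1.100.12          00-1f-9c-98-16-ae     dynamic
"""

# Expected IP-to-MAC pairs, in the notations used in the thread.
INVENTORY = {
    "183.1.100.11": "00.03.A0.88.D6.24",  # VPN 3005 private interface
    "183.1.100.12": "001f.9c98.16ae",     # ASA outside interface
}

ROW = re.compile(r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+(\S+)\s+\w+\s*$")

def normalize_mac(text):
    """Reduce dotted, dashed or colon MAC notation to 12 hex digits, else None."""
    digits = re.sub(r"[.:\-]", "", text.strip()).lower()
    return digits if re.fullmatch(r"[0-9a-f]{12}", digits) else None

def parse_arp_table(output):
    """Return {ip: normalized_mac} for each entry row in `arp -a` output."""
    table = {}
    for line in output.splitlines():
        m = ROW.match(line)
        mac = normalize_mac(m.group(2)) if m else None
        if mac and mac != "ffffffffffff":  # skip broadcast entries
            table[m.group(1)] = mac
    return table

def duplicate_macs(table):
    """Return {mac: [ips]} for every MAC that more than one IP resolves to."""
    by_mac = defaultdict(list)
    for ip in sorted(table):
        by_mac[table[ip]].append(ip)
    return {mac: ips for mac, ips in by_mac.items() if len(ips) > 1}

def mismatches(table, inventory):
    """Return (ip, seen_mac, expected_mac) where the cache disagrees with inventory."""
    out = []
    for ip in sorted(table):
        expected = normalize_mac(inventory.get(ip, ""))
        if expected and table[ip] != expected:
            out.append((ip, table[ip], expected))
    return out
```
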


This archive was generated by hypermail 2.1.4 : Sat Nov 01 2008 - 15:35:19 ARST