Re: PIX 515 responding to ARP commands...



In article <4315a965$0$38039$bed64819@xxxxxxxxxxxxxxxxx>,
Chris Kranz <chris@xxxxxxxxx> wrote:
:I have a strange thing on my network...

:Setup is 5x 3com SuperStack Switches, 3x HP DL 380's, 1x NetApp Filer
:routed through to 1x PIX 515e.

:So my problem is that occasionally I lose a device off the network. It
:won't completely drop from the network, but my machine will lose any
:kind of connection to it.

:The confusing thing is that when the machine 'disappears', the PIX
:replies to the ARP request!!!

I knew I recognized this... this is the "Losing connection"
thread from comp.dcom.lans.ethernet .
http://groups.google.ca/group/comp.dcom.lans.ethernet/browse_thread/thread/2b8eeeb4d24af714/13ef978ec8317bcc

I see you took my advice there and snooped and saw the ARPs that
I hypothesized then.

You didn't happen to mention then, and didn't mention now, which
PIX software version you are running.

When you see the ARP reply coming from the PIX, does it have
the PIX's MAC -and- IP ?

The 3Com Superstacks: as I recall those are usually layer 2 switches,
but there was [I seem to recall] layer 3 extensions available for them.
You have 5 of them for a network that you imply contains only 3 hosts,
so are they running routing, or are they connected in an unusual
topology, or are they running a redundancy protocol or the like?

Are you running any kind of routing protocol in-house? Is
your PIX emitting a default route towards the inside, which is
normally overridden by something with a better route but that
something drops the ball?

The machines that you lose connection with, are they on the same
subnet as "your machine" ?

Is this happening -only- to "your" machine, or to several machines
in your network? What OS is "your" machine running? (Is it one
of the Proliants?)
--
Entropy is the logarithm of probability -- Boltzmann