danfranklin
MIS
- Sep 5, 2002
- 30
We currently have 5 devices sitting on our DMZ on a PIX 520.
All devices are on the same subnet and connect through a switch on a single VLAN to the PIX. Each device has its gateway pointing to the PIX. When you ping from devices on the same DMZ segment they sometimes respond and sometimes don't. If you look at the ARP table on a selected device, sometimes it has the correct entry and sometimes it has the MAC address of the PIX DMZ interface listed as the MAC for the device you are trying to ping. We put a Sniffer on the segment and the first ARP reply comes back with the correct MAC address of the device, but then for some reason when the ARP goes out again it takes the PIX interface MAC.
The CAM entries on the switch show correct entries for all devices.
Has anyone had a similar issue?
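The symptom in the post above, two different MACs answering ARP for the same DMZ address, can be confirmed mechanically from captured frames. This is an added example, not part of the original post; the MAC and IP values are constructed placeholders and `find_conflicts` is a hypothetical helper name.

```python
import socket
import struct
from collections import defaultdict

ARP_ETHERTYPE, ARP_REPLY = 0x0806, 2

def mac_bytes(mac):
    return bytes.fromhex(mac.replace(":", ""))

def build_arp_reply(sender_mac, sender_ip, target_mac, target_ip):
    """Build an Ethernet + ARP reply frame (used only to construct sample input)."""
    eth = mac_bytes(target_mac) + mac_bytes(sender_mac) + struct.pack("!H", ARP_ETHERTYPE)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, ARP_REPLY)
    arp += mac_bytes(sender_mac) + socket.inet_aton(sender_ip)
    arp += mac_bytes(target_mac) + socket.inet_aton(target_ip)
    return eth + arp

def parse_arp_reply(frame):
    """Return (sender_ip, sender_mac) for an IPv4/Ethernet ARP reply, else None."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != ARP_ETHERTYPE:
        return None
    if struct.unpack("!HHBBH", frame[14:22]) != (1, 0x0800, 6, 4, ARP_REPLY):
        return None
    sender_mac = ":".join(f"{b:02x}" for b in frame[22:28])
    return socket.inet_ntoa(frame[28:32]), sender_mac

def find_conflicts(frames, gateway_mac):
    """Map each IP answered by >1 MAC to (MACs in order seen, gateway among them)."""
    seen = defaultdict(list)
    for frame in frames:
        parsed = parse_arp_reply(frame)
        if parsed and parsed[1] not in seen[parsed[0]]:
            seen[parsed[0]].append(parsed[1])
    return {ip: (macs, gateway_mac.lower() in macs)
            for ip, macs in seen.items() if len(macs) > 1}

# Constructed sample: placeholder MACs (locally administered) and documentation IPs.
PIX_DMZ_MAC = "02:00:00:00:00:01"   # assumed MAC of the firewall's DMZ interface
HOST_A, HOST_B, HOST_C = "02:00:00:00:00:10", "02:00:00:00:00:20", "02:00:00:00:00:30"
SAMPLE_FRAMES = [
    build_arp_reply(HOST_B, "192.0.2.20", HOST_A, "192.0.2.10"),       # correct answer
    build_arp_reply(PIX_DMZ_MAC, "192.0.2.20", HOST_A, "192.0.2.10"),  # firewall answers too
    build_arp_reply(HOST_C, "192.0.2.30", HOST_A, "192.0.2.10"),       # unaffected host
]

if __name__ == "__main__":
    for ip, (macs, via_gw) in find_conflicts(SAMPLE_FRAMES, PIX_DMZ_MAC).items():
        print(f"{ip} answered by {macs}; gateway MAC among them: {via_gw}")
```

Fed with frames from a real capture of the segment, the same functions list every address for which the firewall interface and the real host both replied.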