Forum Discussion

ahmad_2312's avatar
ahmad_2312
Icon for Nimbostratus rankNimbostratus
Feb 27, 2010

PIX Firewall Keep Blocking F5

Hello;

 

 

during the configuration of F5, we had to share multiple IP Addresses within one interface so (for example):

 

10.10.10.1

 

10.10.10.2

 

10.10.10.3

 

are using 1.1 interface and one MAC Address, so due to ARP error in PIX due to such behavior of F5, the F5 get blocked !!

 

 

is there any solution except having each IP Address in different interface ?
config
design
  • The_Bhattman's avatar
    The_Bhattman
    Icon for Nimbostratus rankNimbostratus
    Feb 27, 2010
    Hi Ahmad,

     

    What exactly is the error message that the PIX generates for the F5 to get blocked?

     

     

    thanks,

     

    Bhattman

     

     

  • hoolio's avatar
    hoolio
    Icon for Cirrostratus rankCirrostratus
    Mar 01, 2010
    I think you'll want to figure out how to configure the PIX to allow multiple IP addresses to use the same MAC address. I expect there is a simple option for "spoofing" or something related that could be disabled to allow this (assuming you're able to make this change).

     

     

    Aaron
  • The_Bhattman's avatar
    The_Bhattman
    Icon for Nimbostratus rankNimbostratus
    Mar 01, 2010
    I would also open a TAC case with Cisco because the level of blocking doesn't exists without an explicit permit statement and only that is supported after 6.3 code of the pix - which I never seen done out in the wild. Sounds more like a bug then an actual or misconfiguration issue.

     

     

    Also you might want to look at the ProxyARP setting to see if that is interfering with the traffic.

     

     

    Bhattman