Cisco ASA, ESX/vSphere, and Duplicate IP’s

Summary:

Windows (2003/2008/R2) and/or Linux VM’s added to a VLAN and continuously report duplicate IP’s and Windows assign themselves APIPA (Private Address).

Symptoms:

  1. (Windows) 169.254.x.x Address shows up as (Preferred) when running ipconfig /all in command prompt
  2. Resetting Adapter pops up Duplicate IP Error.
  3. Changing VM Network to a dummy network and vm nic reset, causes issue to go away.
  4. Changing VM Network back to problem network clears issue until vm is reset or nic is reset.

Resolution:

Assuming the Cisco ASA is the cause, you can follow the below steps to rectify the issue:

  1. Login to the Security Appliance ASDM
  2. Select Device Setup
  3. Expand Routing
  4. Select Proxy ARP
  5. Disable Proxy arp on the related interface (usually associated w/ your VLAN)
    • Other command line method:
      • sysopt noproxyarp <interface name>

If Windows is the issue for some reason, you can do this:

  1. Start –> Run… –> Regedit
  2. Find this key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
  3. Insert a new DWORD value
  4. Name the DWORD value “ArpRetryCount”
  5. Change the value for the new entry to 0 if not already set that way.
  6. Disable and Re-enable your network adapter to see if problem goes away.

Comments

ryan said…
Chris,

Looks like a straight forward identity map issue on the ASA. Here's an explanation from Cisco around this behavior and the differences in software: http://www.cisco.com/en/US/docs/security/asa/asa84/configuration/guide/nat_overview.html#wp1165189
Anonymous said…
Thank you very much!
Anonymous said…
Thank you! Still saving the day in 2015!!
Anonymous said…
Still saving the day in 2019!!

Popular posts from this blog

PowerCLI: The SSL connection could not be established, see inner exception.

Get iDRAC/ILO (aka Baseboard Management Controller) IP via PowerCLI

Misc: Fire TV Stick 2 Screen Cut Off, no display adjustment option