FiOS Cisco PIX ARP Problem Fixed!

The Problem


When you define a static NAT on the pix you cannot get to route beyond the pix. It appears that some FIOS ONTs send arp requests with a source IP of 0.0.0.0 and the PIX will not send a proxy arp reply for the static entry but will respond itself only (me). I'm using 6.2.2 on the PIX.

In this example my PIX has an outside interface configured with 71.x.x.210. The debug shows that it responds fine.

"debug arp" on the pix shows
arp-in: rqst for me from 0.0.0.0 for 71.x.x.210, on outside
arp-in: generating reply from 71.x.x.210 0013.60ac.bf97 to 0.0.0.0 000e.861c.d518

I have the following static entry configured.

static (inside,outside) 71.x.x.216 192.n.n.1 netmask 255.255.255.255

"debug arp" on the pix shows
arp-in: request at outside from 0.0.0.0 000e.861c.d518 for 71.246.225.216 0013.60ac.bf97

So the PIX knows about the mac address of .216 but it just won't not respond! 

Solution or Work around

Upgrade to 8.0.4-32. On the PIX software download page select PIX Interim Releases  at the top part of the page...


The PIX now replies to the arp request and everything now works like it should have in the first place!