Duplicate IP address warnings shown on USG

Publication Date: 2014-06-03
Issue Description
When logging in to the device through the CLI, a large number of warnings appear saying that a duplicate IP address was found on the Internet link.
Alarm Information
The output of "display logbuffer":

%2014-05-19 08:16:25 ***-FW %%01ARP/4/DUP_IPADDR(l): Receive an ARP packet with duplicate ip address *.*.*.203 from GigabitEthernet0/0/0, source MAC is 4846-fb8e-xxxx!
%2014-05-19 08:16:20 ***-FW %%01ARP/4/DUP_IPADDR(l): Receive an ARP packet with duplicate ip address *.*.*.203 from GigabitEthernet0/0/0, source MAC is 4846-fb8e-xxxx!
%2014-05-19 08:16:15 ***-FW %%01ARP/4/DUP_IPADDR(l): Receive an ARP packet with duplicate ip address *.*.*.203 from GigabitEthernet0/0/0, source MAC is 4846-fb8e-xxxx!
Handling Process
Change the nat server configuration to bind it to VRRP group 3:

 nat server 0 protocol tcp global *.*.*.203 www inside 192.168.1.* www vrrp 3 no-reverse
Root Cause
The MAC address 4846-fb8e-xxxx was checked and found to belong to the slave firewall.
Normally the slave firewall should not answer ARP requests.
The configuration was checked and contained the following:

 nat server 0 protocol tcp global *.*.*.203 www inside 192.168.1.* www no-reverse

interface GigabitEthernet0/0/0
ip address *.*.*.201 255.255.255.240
vrrp vrid 3 virtual-ip 64.*.*.205 master
ip netstream inbound
hrp track master
 
The nat server's virtual IP address is in the same network as the Internet-facing physical link. In this case the nat server must be bound to a VRRP group; otherwise the slave firewall will also answer the ARP requests.

Suggestions
Whenever a nat server's virtual address lies in the same network as the physical interface, add the keyword "vrrp" to the nat server configuration.
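
The rule above can be checked against a saved configuration before the duplicate-address warnings appear. The Python script below is an added example, not Huawei tooling or part of the original case; it assumes the configuration uses only the line forms shown in this case, and the sample addresses are constructed documentation addresses.

```python
import ipaddress
import re

# Constructed sample (documentation addresses), shaped like the excerpt in this case.
SAMPLE_CONFIG = """\
nat server 0 protocol tcp global 203.0.113.203 www inside 192.168.1.10 www no-reverse
nat server 1 protocol tcp global 203.0.113.204 www inside 192.168.1.11 www vrrp 3 no-reverse
nat server 2 protocol tcp global 198.51.100.7 www inside 192.168.1.12 www no-reverse
interface GigabitEthernet0/0/0
 ip address 203.0.113.201 255.255.255.240
 vrrp vrid 3 virtual-ip 203.0.113.205 master
"""

def parse_interfaces(config):
    """Return {interface name: {"net": IPv4Network or None, "vrids": [int, ...]}}."""
    interfaces, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            current = interfaces.setdefault(line.split()[1], {"net": None, "vrids": []})
        elif line == "#":  # assumed block separator in saved configs
            current = None
        elif current is not None:
            m = re.match(r"ip address (\S+) (\S+)$", line)
            if m:
                current["net"] = ipaddress.ip_network(f"{m[1]}/{m[2]}", strict=False)
            m = re.match(r"vrrp vrid (\d+) virtual-ip ", line)
            if m:
                current["vrids"].append(int(m[1]))
    return interfaces

def find_unbound_nat_servers(config):
    """List nat server entries whose global IP is on an interface subnet but lacks 'vrrp <id>'."""
    interfaces = parse_interfaces(config)
    findings = []
    for raw in config.splitlines():
        line = raw.strip()
        m = re.match(r"nat server (\d+) .*\bglobal (\d+\.\d+\.\d+\.\d+)\b", line)
        if not m or re.search(r"\bvrrp \d+\b", line):
            continue  # not a nat server line, or already bound to a VRRP group
        addr = ipaddress.ip_address(m[2])
        for name, info in interfaces.items():
            if info["net"] is not None and addr in info["net"]:
                findings.append((int(m[1]), str(addr), name, info["vrids"]))
    return findings

if __name__ == "__main__":
    for nat_id, addr, ifname, vrids in find_unbound_nat_servers(SAMPLE_CONFIG):
        print(f"nat server {nat_id}: {addr} is on {ifname}'s subnet; candidate VRRP groups {vrids}")
```

Each finding names the nat server ID, its global address, the interface whose subnet contains it, and the VRRP group IDs configured on that interface.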
