[TriLUG] PIX 502 vs MAC?

[Brian Henning]

Hi Guys,
   I recenlty swapped out two network cards in my 
mail/intranet/file/whatever server.  Same IPs assigned to them as 
before, and all LAN connectivity works perfectly.  Problem is, I can't 
get any traffic to or from it across my PIX 502 firewall.  From within 
the firewall's admin interface I can ping the server, and I can ping the 
firewall from the server, but it seemingly steadfastly refuses to pass 
any traffic outside from that server.  I can't get DNS resolutions, I 
can't ping IPs outside our network (connect: Network unreachable), and 
my static address translations in the PIX to that IP no longer seem to 
work.  (Statics to other hosts on our LAN continue to function normally)

I wouldn't be at all surprised if the PIX is balking at the fact that a 
particular IP's MAC address changed.  Seems like the sort of thing it 
could possibly see as bad, especially if the IP in question were the 
target of one or more static translations.  Especially since that's 
exactly where the problem appears to be.

So am I right?  Has my PIX flagged that IP as "enemy" somehow because 
its MAC changed?  And if so, how do I get it to undo that?  I've cleared 
the ARP cache for that IP, but that didn't help.  I know some tasks on 
the PIX can be pretty convoluted, so I wouldn't be surprised if I were 
missing something.

By the way, here's what I've tried latest:

- remove all static translations to the IP in question (192.168.1.125)
- no arp inside 192.168.1.125
- re-add all static translations to 192.168.1.125

No joy yet.

Thanks for all your input!

Regards,
~Brian