https://community.cisco.com/t5/network-security/asa-arp-timeout-recommendation/m-p/2023298#M438472 <HTML><HEAD></HEAD><BODY><P>I am having an issue with with only the redhat/fedora systems on the DMZ segment of this ASA 5510.</P><P>Every time one of these systems reboots the system complains that its IP address is already in use and refuses to start networking. The IP address is NOT in use by any other systems on that subnet.</P><P></P><P>I am thinking this has something to do with proxy arp or the arp table on the ASA but I really do not know.</P></BODY></HTML> Tue, 11 Sep 2012 21:36:23 GMT lostngone 2012-09-11T21:36:23Z https://community.cisco.com/t5/network-security/asa-arp-timeout-recommendation/m-p/2023296#M438468 <P>I currently have the timeout set to 14400. I have been draging this along in my config for a long time.</P><P>"arp timeout 14400"</P><P></P><P>My question is what is the recommendation for the timeout? 4 hours seems like a long time.</P> Mon, 11 Mar 2019 23:52:54 GMT https://community.cisco.com/t5/network-security/asa-arp-timeout-recommendation/m-p/2023296#M438468 lostngone 2019-03-11T23:52:54Z https://community.cisco.com/t5/network-security/asa-arp-timeout-recommendation/m-p/2023297#M438469 <HTML><HEAD></HEAD><BODY><P>Hi, </P><P></P><P>By default, arp timeout value on ASA is 14400, which is global. Do you have any reasons for changing this value?</P><P>You may refer to the following document to know more about proxya rp and gratutious arp</P><P>Regards</P><P>Gurpreet</P></BODY></HTML> Tue, 11 Sep 2012 21:22:46 GMT https://community.cisco.com/t5/network-security/asa-arp-timeout-recommendation/m-p/2023297#M438469 gurpsin2 2012-09-11T21:22:46Z https://community.cisco.com/t5/network-security/asa-arp-timeout-recommendation/m-p/2023298#M438472 <HTML><HEAD></HEAD><BODY><P>I am having an issue with with only the redhat/fedora systems on the DMZ segment of this ASA 5510.</P><P>Every time one of these systems reboots the system complains that its IP address is already in use and refuses to start networking. The IP address is NOT in use by any other systems on that subnet.</P><P></P><P>I am thinking this has something to do with proxy arp or the arp table on the ASA but I really do not know.</P></BODY></HTML> Tue, 11 Sep 2012 21:36:23 GMT https://community.cisco.com/t5/network-security/asa-arp-timeout-recommendation/m-p/2023298#M438472 lostngone 2012-09-11T21:36:23Z https://community.cisco.com/t5/network-security/asa-arp-timeout-recommendation/m-p/2023299#M438475 <HTML><HEAD></HEAD><BODY><P>Hello,</P><P></P><P>Are there any Nats related to his RedHat system???</P><P></P><P>Also check the show run all sysopt and verify that proxy-arp is enabled for the DMZ?</P><P></P><P>Let me know what you get..</P><P></P><P><STRONG>Remember to rate all of the answers, that is why we are here...</STRONG></P></BODY></HTML> Tue, 11 Sep 2012 21:38:39 GMT https://community.cisco.com/t5/network-security/asa-arp-timeout-recommendation/m-p/2023299#M438475 Julio Carvajal 2012-09-11T21:38:39Z https://community.cisco.com/t5/network-security/asa-arp-timeout-recommendation/m-p/2023300#M438477 <HTML><HEAD></HEAD><BODY><P>show run all sysopt</P><P>---</P><P>no sysopt noproxyarp inside</P><P>no sysopt noproxyarp dmz</P><P>no sysopt noproxyarp outside</P><P>no sysopt noproxyarp management</P><P></P><P>Does this mean it is on for all interfaces(or off)?</P></BODY></HTML> Tue, 11 Sep 2012 21:52:49 GMT https://community.cisco.com/t5/network-security/asa-arp-timeout-recommendation/m-p/2023300#M438477 lostngone 2012-09-11T21:52:49Z https://community.cisco.com/t5/network-security/asa-arp-timeout-recommendation/m-p/2023301#M438480 <HTML><HEAD></HEAD><BODY><P>Hello,</P><P></P><P>It means it's on for all the interfaces,</P><P></P><P>Try to turn it off on the DZM and see what happens:</P><P></P><P></P><P>sysopt noproxyarp dmz</P><P></P><P>Regards,</P><P></P><P><SPAN style="text-decoration: underline;"><STRONG style="background-color: #f7fafb; border-collapse: collapse; font-size: 12px; list-style: none; font-family: Arial, verdana, sans-serif;">Remember to rate all of the answers,</STRONG></SPAN></P></BODY></HTML> Tue, 11 Sep 2012 22:19:26 GMT https://community.cisco.com/t5/network-security/asa-arp-timeout-recommendation/m-p/2023301#M438480 Julio Carvajal 2012-09-11T22:19:26Z https://community.cisco.com/t5/network-security/asa-arp-timeout-recommendation/m-p/2023302#M438483 <HTML><HEAD></HEAD><BODY><P>Thank You.</P><P> That did reslove the issue.</P><P></P><P>My next question is I thought proxy arp was off by default? This is running an 8.2.x build(I know I need to upgrade).</P><P>I can not seem find anywhere in my config where I am enabling it? Any ideas?</P></BODY></HTML> Thu, 13 Sep 2012 21:48:42 GMT https://community.cisco.com/t5/network-security/asa-arp-timeout-recommendation/m-p/2023302#M438483 lostngone 2012-09-13T21:48:42Z https://community.cisco.com/t5/network-security/asa-arp-timeout-recommendation/m-p/2023303#M438486 <HTML><HEAD></HEAD><BODY><P>Hello,</P><P></P><P>It is enabled by default!</P><P>sh run all sysopt .. There is where you see is enabled by default</P><P></P><P style="background-color: #ffffff; border-collapse: collapse; font-size: 12px; list-style: none; font-family: Arial, verdana, sans-serif;"><STRONG>no sysopt noproxyarp inside</STRONG></P><P style="background-color: #ffffff; border-collapse: collapse; font-size: 12px; list-style: none; font-family: Arial, verdana, sans-serif;"><STRONG>no sysopt noproxyarp dmz</STRONG></P><P style="background-color: #ffffff; border-collapse: collapse; font-size: 12px; list-style: none; font-family: Arial, verdana, sans-serif;"><STRONG>no sysopt noproxyarp outside</STRONG></P><P style="background-color: #ffffff; border-collapse: collapse; font-size: 12px; list-style: none; font-family: Arial, verdana, sans-serif;"><STRONG>no sysopt noproxyarp management</STRONG></P><P></P><P>Regards,</P><P></P><P style="background-color: #ffffff; border-collapse: collapse; font-size: 12px; list-style: none; font-family: Arial, verdana, sans-serif;"><STRONG>Remember to rate all of the helpul hosts,</STRONG></P></BODY></HTML> Thu, 13 Sep 2012 21:56:11 GMT https://community.cisco.com/t5/network-security/asa-arp-timeout-recommendation/m-p/2023303#M438486 Julio Carvajal 2012-09-13T21:56:11Z