https://community.cisco.com/t5/network-security/asa-proxy-arp/m-p/1431771#M692026 <HTML><HEAD></HEAD><BODY><P>thanks Jon</P><P></P><P></P><P>I kind of guessed it would be something like that - I would like to turn Proxy arp off on the management interface but i'm a little bit worried about disconnecting myself and not being able to fix it quickly -&nbsp; this is&nbsp; on a live network. I think common sense would tell me to do it out of office hours.</P><P></P><P></P><P>many thanks for the information.</P><P></P><P>regards</P><P></P><P>Keith</P></BODY></HTML> Mon, 26 Apr 2010 08:32:34 GMT KeithN123 2010-04-26T08:32:34Z https://community.cisco.com/t5/network-security/asa-proxy-arp/m-p/1431769#M691946 <P>Is it normal for traffic between hosts on the same subnet</P><P>to&nbsp; be "Proxied" by the ASA interface ? If I turn off proxy arp it breaks the configured NAT.</P><P></P><P>thanks</P><P></P><P>Keith</P> Mon, 11 Mar 2019 17:37:17 GMT https://community.cisco.com/t5/network-security/asa-proxy-arp/m-p/1431769#M691946 KeithN123 2019-03-11T17:37:17Z https://community.cisco.com/t5/network-security/asa-proxy-arp/m-p/1431770#M691989 <HTML><HEAD></HEAD><BODY><PRE __jive_macro_name="quote" class="jive_text_macro jive_macro_quote"><P>KeithN123 wrote:</P><P></P><P>Is it normal for traffic between hosts on the same subnet</P><P>to&nbsp; be "Proxied" by the ASA interface ? If I turn off proxy arp it breaks the configured NAT.</P><P></P><P>thanks</P><P></P><P>Keith</P></PRE><P></P><P>Keith</P><P></P><P>Traffic between hosts in the same subnet should not need to go via the ASA. It is often a good idea to turn off proxy-arp when not needed but as you have found it can break nat statements. Generally speaking you need proxy-arp on the outside interface of the ASA most of the time but whether or not you need it on the other interfaces all depends on which nat translations you have setup.</P><P></P><P>Note also that the ASA might well be responding to the arp but so will/should the destination host in the same subnet.</P><P></P><P>Jon</P></BODY></HTML> Mon, 26 Apr 2010 08:18:11 GMT https://community.cisco.com/t5/network-security/asa-proxy-arp/m-p/1431770#M691989 Jon Marshall 2010-04-26T08:18:11Z https://community.cisco.com/t5/network-security/asa-proxy-arp/m-p/1431771#M692026 <HTML><HEAD></HEAD><BODY><P>thanks Jon</P><P></P><P></P><P>I kind of guessed it would be something like that - I would like to turn Proxy arp off on the management interface but i'm a little bit worried about disconnecting myself and not being able to fix it quickly -&nbsp; this is&nbsp; on a live network. I think common sense would tell me to do it out of office hours.</P><P></P><P></P><P>many thanks for the information.</P><P></P><P>regards</P><P></P><P>Keith</P></BODY></HTML> Mon, 26 Apr 2010 08:32:34 GMT https://community.cisco.com/t5/network-security/asa-proxy-arp/m-p/1431771#M692026 KeithN123 2010-04-26T08:32:34Z