I want to describe an issue I found using local-proxy-arp in a remote-access VPN.
The difference between local proxy-arp and local-proxy-arp is that with normal proxy ARP the router sets its MAC address to a REMOTE network IP address, while with local-proxy-arp the router sets its own MAC address to an IP address in its same subnet.
In my case I configured a Cisco 1720 router as a remote-access VPN server in the subnet 192.168.0.0/24, where the default gateway of this network is 192.168.0.254.
The RA pool couldn't be outside the 192.168.0.0/24 subnet, because clients had IP .254 configured as their default gateway and the installation of the VPN server had to be transparent to normal operations.
If I had configured an external pool, the VPN wouldn't work, because clients would send the traffic to the default gateway, which in turn would drop the traffic because it didn't have any route to the VPN pool.
With a local remote-access pool set, clients made ARP requests to find IP addresses in the local network, but nobody replied to them because the VPN server didn't know the real MAC address of the pool's IP.
On Cisco routers proxy ARP is enabled by default, but 'local-proxy-arp' isn't.
When I enabled local-proxy-arp in interface config mode, clients in the local network began to reply to my PC connected through the VPN.
However, I noticed that 50% of the ICMP packets I sent were not received; precisely, one packet was delivered and the next was not, alternately.
This was because the VPN server didn't know the real MAC addresses of the VPN clients, so it created an ARP request for every packet itself.
The solution was to set static MAC addresses in the ARP table of the Cisco 1720 VPN server so that it didn't need to produce ARP requests to the connected VPN clients, and there is no more packet loss.