ASA and multiple mac aliases on outside interface

Ronald Nutter · ‎09-09-2011

We are dealing with an ISP for a remote office that will assign us multiple ip addresses but requires a unique mac address for each ip address. In the ASA, I see an arp outside alias command. Is that something I can use for this purpose or is there another way to handle it ?

Ron

Kureli Sankar · ‎09-09-2011

What is the end goal? You want the ASA to accept traffic for all these IP addresses? If that is the case then the ASA will proxy arp for the translations configured and it has to be one unique mac and not multiple MACs.

That arp alias command is to accomplish the same thing that proxy arp does.

http://www.cisco.com/en/US/docs/security/asa/asa80/command/reference/a2.html#wp1626420

-KS

Ronald Nutter · ‎09-09-2011

The problem I am working around is that the ISP requires a unique mac address for each IP address they will be

assigning to us. That is why I am looking at the ARP alias command. The ISP wont give us the mac addresses so that

we can assign them statically but will be doing dhcp reservations.

Ron

Kureli Sankar · ‎09-09-2011

I am not sure what to suggest. There is no way the ASA will accept packets that is destined to some other MAC it doesn't own.

Tell the ISP they can assign one IP for the ASA's outside interface MAC and route traffic to the rest of the IPs to the same destination mac.

Unless you are looking for these additional IPs for other devices on the outside of the ASA in which case you can hand them those device MACs.

-KS