03-24-2008 05:31 AM - edited 03-11-2019 05:21 AM
I understand that proxyarp is enabled by default on the fw....with this enabled would it cause internal network routing issues? (responding to arp requests) should proxyarp be enabled for outside interface as well?
currently i have it DISABLED but not able to reach server which has static translation config'd unless i enable it.
thanks for any info
Solved! Go to Solution.
03-24-2008 06:34 AM
Hi
You need proxyarp enabled if you want the ASA to respond to arps for static translations eg.
static (inside,outside) 193.10.10.10 192.168.5.10 netmask 255.255.255.255
If a machine on the outside arps out for 193.10.10.10 then the ASA needs to respond with it's outside interfaces mac-address and then when the packet is forwarded to the ASA it then translates it to 192.168.5.10 and forwards it on through it's inside interface.
However you can disable proxyarp on a per interface basis so if you think it is causing problems you could try disabling it on your inside interface only.
Please see attached link for details
http://www.cisco.com/en/US/docs/security/asa/asa70/command/reference/s.html#wp1542397
HTH
Jon
03-24-2008 06:34 AM
Hi
You need proxyarp enabled if you want the ASA to respond to arps for static translations eg.
static (inside,outside) 193.10.10.10 192.168.5.10 netmask 255.255.255.255
If a machine on the outside arps out for 193.10.10.10 then the ASA needs to respond with it's outside interfaces mac-address and then when the packet is forwarded to the ASA it then translates it to 192.168.5.10 and forwards it on through it's inside interface.
However you can disable proxyarp on a per interface basis so if you think it is causing problems you could try disabling it on your inside interface only.
Please see attached link for details
http://www.cisco.com/en/US/docs/security/asa/asa70/command/reference/s.html#wp1542397
HTH
Jon
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide