432 Views | 0 Helpful | 1 Replies

Firewall Arp replies

bushindustries (Level 1)

Issue: Setting up an ASA 5505 ver 8.4 between the internal network and a WAN pipe (managed routers - no access).  Traffic is getting across the WAN fine (from the firewall's point of view, inside to outside).  Traffic bound from outside to inside is getting to the managed router, then the router sends out an ARP request - who has address 1.1.1.1?  The firewall has an access rule to allow traffic from 1.1.1.1 > Inside, but doesn't answer the ARP request and the packet hangs at the router.  I can use a static proxy-ARP entry to get the ASA to answer with its own MAC address, and then the packet is routed fine (the router's outside subnet matches the WAN router; the "1.1.0.0/16" is inside), but I've got a ton of IPs to permit.

Question: how do I get the ASA to answer the ARP requests stating that it has the IP addresses that are on the inside, or at least the ones for which it has an ACL from Outside to Inside, without creating a proxy-ARP entry for each IP address? (I'll have to wait for the owner of the managed WAN pipe to get around to adding an IP route to the router, so I'm looking for a quicker answer...)

1 Reply

bushindustries (Level 1)

Addendum: many of the IPs being routed from outside to inside are hard-coded, so NAT translation will not work for many of them.  This was previously working on a different ASA running ver 8.2.  I cannot see anything missing from the setup.  Also, a correction to the above - traffic is permitted by ACL from outside TO 1.1.1.1, not from - sorry if that was confusing...
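Added example (not from the thread or from Cisco): a small Python helper that parses ASA-style running-config text, collects the inside hosts permitted by the outside-to-inside ACL, compares them with the static `arp ... alias` entries already present, and emits the per-host proxy-ARP commands that are still missing, which is the workaround the post describes, generated instead of typed one at a time. The ACL name, source addresses and MAC address in the sample are constructed, and subnet destinations are reported separately because a per-host ARP alias entry cannot cover them.

```python
from __future__ import annotations

import ipaddress
import re

# Constructed sample in the shape of ASA running-config text. The 1.1.x.x
# addresses follow the post; the ACL name, sources and MAC are made up.
SAMPLE_CONFIG = """\
access-list OUTSIDE_IN extended permit tcp any host 1.1.1.1 eq 443
access-list OUTSIDE_IN extended permit tcp host 5.5.5.5 host 1.1.1.2 eq 22
access-list OUTSIDE_IN extended permit ip object PARTNER host 1.1.2.10
access-list OUTSIDE_IN extended permit udp any 1.1.3.0 255.255.255.0 eq 514
access-list OUTSIDE_IN extended deny ip any host 1.1.9.9
arp outside 1.1.1.1 0011.2233.4455 alias
"""

IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"
# Source part of an extended ACE: any | host A | A MASK | object(-group) NAME
SRC = rf"(?:any|host {IPV4}|{IPV4} {IPV4}|object(?:-group)? \S+)"
ACE = rf"^access-list \S+ extended permit \S+ {SRC} "
ACL_HOST_RE = re.compile(ACE + rf"host ({IPV4})\b")
ACL_SUBNET_RE = re.compile(ACE + rf"({IPV4}) ({IPV4})\b")
ARP_ALIAS_RE = re.compile(rf"^arp (\S+) ({IPV4}) \S+ alias\b")

def permitted_inside_hosts(config: str) -> set[str]:
    """Host destinations of 'permit' ACEs (the outside -> inside rules)."""
    return {m.group(1) for line in config.splitlines()
            if (m := ACL_HOST_RE.match(line.strip()))}

def permitted_inside_subnets(config: str) -> list[str]:
    """Subnet destinations: a per-host 'arp ... alias' entry cannot cover these."""
    nets = []
    for line in config.splitlines():
        if m := ACL_SUBNET_RE.match(line.strip()):
            nets.append(str(ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}")))
    return nets

def proxy_arp_hosts(config: str, interface: str = "outside") -> set[str]:
    """Addresses that already have a static proxy-ARP (alias) entry on `interface`."""
    return {m.group(2) for line in config.splitlines()
            if (m := ARP_ALIAS_RE.match(line.strip())) and m.group(1) == interface}

def missing_proxy_arp(config: str, mac: str, interface: str = "outside") -> list[str]:
    """'arp ... alias' lines for permitted hosts that still lack one; `mac` is the
    MAC argument the arp command requires (a constructed placeholder here)."""
    missing = permitted_inside_hosts(config) - proxy_arp_hosts(config, interface)
    return [f"arp {interface} {ip} {mac} alias"
            for ip in sorted(missing, key=ipaddress.ip_address)]
```

Run `missing_proxy_arp(SAMPLE_CONFIG, "0011.2233.4455")` against a pasted running config to get the two missing entries for the sample, and check `permitted_inside_subnets()` for destinations that need a different approach.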
