We have an ASA and need to find a way to disable ARP security on the inside interface. We are going to put a device in front of it that is a sort of nearly-transparent proxy, but it unfortunately rewrites packets that travel through it with its own MAC address. The ASA seems to not like this very much at all.
Is there a way to disable that function? I have no idea what the command would be. The only thing I found related to this was ARP inspection, but that didn't seem to have anything to do with the dynamic ARP cache. It seemed to only be relevant when you have static ARP entries.
Regardless, it doesn't look like we have that turned on, anyway.
I'm not sure how that applies to what I'm talking about. Proxy ARP is when the ASA responds to an ARP request with its own MAC address even when it doesn't own it. That shouldn't be happening in our configuration anyway.
The problem appears to be that the ASA is populating its ARP cache with the real MAC addresses of these devices. Then this other box (a sort-of brouter) passes traffic through it with the source IPs of our other network devices but with its own MAC address.
It seems like the ASA thinks this is an ARP spoofing attack and is stopping the traffic.
We're going to do some more testing this morning, but I still can't figure out how to disable that behavior.
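One way to check for the mismatch described above, as an added example that is not part of the original posts: it compares ARP cache entries against source IP/MAC pairs taken from a packet capture and groups the disagreements by the MAC that actually sent the frames. The sample lines, addresses and function names are constructed, and the cache input is assumed to be in the interface/IP/MAC/age layout of ASA `show arp` output.

```python
import re
from collections import defaultdict

def norm_mac(mac):
    """Normalize dotted (0011.2233.4455), colon or dash MACs to 12 lowercase hex digits."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits

def parse_arp_cache(text):
    """Return {ip: mac} from lines assumed to look like '<ifname> <ip> <mac> <age>'."""
    cache = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3:
            continue
        try:
            cache[fields[1]] = norm_mac(fields[2])
        except ValueError:
            continue  # header or malformed line
    return cache

def find_mismatches(cache, frames):
    """Map each observed source MAC to the cached IPs it sent traffic for under a different MAC."""
    by_mac = defaultdict(set)
    for ip, mac in frames:
        seen = norm_mac(mac)
        if ip in cache and cache[ip] != seen:
            by_mac[seen].add(ip)
    return {mac: sorted(ips) for mac, ips in by_mac.items()}

# Constructed sample data: ARP cache text and (source IP, source MAC) pairs from a capture.
SAMPLE_ARP = """\
inside 10.1.1.10 0011.2233.4455 12
inside 10.1.1.11 0011.2233.4466 40
inside 10.1.1.12 0011.2233.4477 7
"""
SAMPLE_FRAMES = [
    ("10.1.1.10", "02:aa:bb:cc:dd:01"),  # cached IP, different source MAC
    ("10.1.1.11", "02:aa:bb:cc:dd:01"),  # cached IP, different source MAC
    ("10.1.1.12", "00:11:22:33:44:77"),  # matches the cache
    ("10.1.1.99", "02:aa:bb:cc:dd:01"),  # no cache entry, so nothing to compare
]

if __name__ == "__main__":
    hits = find_mismatches(parse_arp_cache(SAMPLE_ARP), SAMPLE_FRAMES)
    for mac, ips in hits.items():
        print(f"{mac} sourced traffic for {len(ips)} cached IPs: {', '.join(ips)}")
```

A single MAC sourcing traffic for many cached IPs points at the rewriting device; the same pattern is normal for a legitimate next-hop router, so compare only addresses on the directly attached segment.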