06-04-2007 12:14 PM - edited 03-11-2019 03:24 AM
Is it possible to configure a static NAT for which PIX will not reply any arp request?
06-06-2007 02:02 AM
Can you route to it?
06-06-2007 07:28 AM
Yes, I believe routing is not an issue in terms of my configuration.
I have a load balancer device in front of PIX to load balance some services on the servers protected by PIX. I have static NATs for the real IP addresses of the servers. Yet, I need to configure VIP addresses to be handled by PIX. However, according to the load balancer documentation, nobody should reply the arp request for VIP, except itself. So, they were suggesting to set loopback addresses on the server for VIPs. However, when I put PIX in between them, things get complicated. And I need to handle the issue properly with PIX.
06-06-2007 05:55 PM
You may use following command-
sysopt noproxyarp
Note: Using above command affets all the translations on
Hope this helps.
Regards,
Vibhor.
06-07-2007 07:41 AM
Thanks for the suggestion, but my understanding from your explanation above is that it would stop arp replies for all static NATs defined for that interface. This is not what I want. What I want is to have proxy arp for some NATs (for the real IPs), while no proxy arp for other NATs (for the virtual IPs). To be more specific, real IPs are the ones assigned to the physical interfaces of a server. Virtual IPs are the ones assigned to loopback interfaces of a server. In a normal operation, servers only reply to arp request for the real IPs, but no arp replies for virtual IPs. Therefore, when I put a PIX device in front of such a configured server, I would like to have the same type of behaviour after NATs.
Anyways, may be I am forcing too much, and is not a realistic implementation. But if you have any other idea, please send them.
Thanks!
06-07-2007 09:58 AM
Unfortunately, we cant selectively disable proxy-arp for some IPs.
Regards,
Vibhor.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide