Even 10.1.1.1 should be

ajaymehra011 · ‎06-04-2015

Hi Experts,

This is my 1st post. Apologise if this is a basic question according to your standards.

I am trying to figure out the proxy arp behaviour of following command. Hope someone can help.

nat (Outside,DMZ) after-auto source static any any destination static 20.1.1.1 10.1.1.1

Since Static NAT works in both direction is it right to say that ASA FW will respond to ARP request for any ip address on both Outside and DMZ interface ( due to any any)?

Thanks,

Ajay

Vibhor Amrodia · ‎06-04-2015

Hi,

It will do the Proxy Arp for the Mapped IP address in the NAT statement.

20.1.1.1 which is not existing physically anywhere in the network.

Thanks and Regards,

Vibhor Amrodia

ajaymehra011 · ‎06-04-2015

Even 10.1.1.1 should be considered a mapped address ( I think static is bi directional). Isn't there any significance of "any any" in relation to proxy arp? Wouldn't it cause ASA to respond to any ARP request on both Outside and DMZ?

Vibhor Amrodia · ‎06-04-2015

Hi,

When we are talking about the Proxy Arp on the ASA device interfaces , it will do that for the interfaces subnet automatically.

In case if NAT , the mapped range is also going to be included for addresses which will be proxy arped by the ASA device.

Thanks and Regards,

Vibhor Amrodia

Proxy ARP behaviour for following command