cancel
Showing results for 
Search instead for 
Did you mean: 
cancel

Transparent Subnet Gateways Using Proxy ARP

1981
Views
5
Helpful
1
Comments
Deepak Kumar
VIP Advocate
This is my first blog on the Cisco portal and my not a native English speaker. So there is a chance to make some grammatical mistakes. Please ignore it or make me correct.
 
Few days before we were working at a client site and we found some limitations on NGFW (another vendor) as that device will not work in bridge mode with PPOE connection. My friend has come with an RFC 1027.
 
I knew the Proxy-ARP but never seen this type of example. This is called "transparent Subnet Gateways Using Proxy ARP". Proxy ARP is the technique of using a router to answer ARP requests. Proxy ARP can help hosts on a subnet reach remote subnets without the need for additional configuration. An administrator can set up a Transparent Subnet Gateway so that two physical segments with the same IP address range,  connected to the same router can communicate via ARP with each other.
 
Here is the Network diagram for the same:
 
Transparenent Proxy gateway.png
And here is the configuration for the same:
R1: Inside Web Server (Maybe another server)
R2: Internet Gateway for my Office/Edge router
R3: ISP Router and this router is not in your under control.
 
This is my LAB and I don't have any server added to my GNS3 so I added a router  and configured:
 
R1 Configuration:
  1. IP 1.1.1.3/24 added under the interface FastEthernet 0/0
  2. Default Gateway added to 1.1.1.1  (My Internet/WAN Default Gateway), which is configured on ISP router.
interface FastEthernet0/0
 ip address 1.1.1.3 255.255.255.0
 duplex full
!
ip route 0.0.0.0 0.0.0.0 1.1.1.1
!
 
R2 Configuration (Internet Edge):
interface FastEthernet0/0
Description "Connected to R1"
 ip address 10.10.10.1 255.255.255.0
 duplex full
IP proxy-arp
!
interface FastEthernet1/0
Description "Connected to R3/ISP"
 ip address 1.1.1.2 255.255.255.0
 speed auto
 duplex auto
IP proxy-arp
!
ip route 1.1.1.1 255.255.255.255 FastEthernet1/0
ip route 1.1.1.3 255.255.255.255 FastEthernet0/0
route 0.0.0.0 0.0.0.0 1.1.1.1
!
!
 
R3 Configuration  (ISP Router)
 
interface FastEthernet0/0
Description "Connected to R2/Client"
 ip address 1.1.1.1 255.255.255.0
 duplex full
 
Testing LAB configuration:
R3#ping 1.1.1.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 12/75/232 ms
R3#
 
 
Tried to remove the IP Proxy-arp (No Proxy-arp) on R2 interfaces and remove the arp cheche (clear arp-cache) and test it again.
If it is useful, please vote.
 
Deepak Kumar
1 Comment