
Proxy_arping

darrenmerrett
Level 1

I am trying to protect a public server with a public IP in COLO space with a PIX 506. I do not want to change the IP of the server, so I believe I need to use Proxy Arping.

Do I simply need to add an entry

arp inside 80.xxx.xxx.003 XMAC.ADDR.ESSX

I have set up the following:

Outside IP to 80.XXX.XXX.002

My server is 80.XXX.XXX.003

I have set the inside IP to 10.1.1.1 as I read somewhere that the inside IP is not important when using Proxy ARP.

This has been driving me crazy and I would appreciate any advice.

Thanks

5 Replies

mehrdad
Level 3

Could you please explain the following:

- the server IP address that you don't want to change

- your public IP address that you want to assign to server

- the PIX inside IP address and the PIX outside IP address

Thanks for replying.

I have a range 80.xxx.xxx.001 - 80.xxx.xxx.31 allocated by my ISP.

The server uses 80.xxx.xxx.002 and I have assigned 80.xxx.xxx.003 for the outside and 10.1.1.1 for the inside.

I can change the addresses for inside and outside but not for the server.

If I understood correctly, use static NAT as follows:

static (inside,outside) 80.xxx.xxx.003 80.xxx.xxx.002 netmask 255.255.255.255

access-list myacl permit ip any host 80.xxx.xxx.003

access-group myacl in interface outside

With this, your server IP address will be changed from 80.xxx.xxx.002 to 80.xxx.xxx.003 without any change on the server.
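
An added example, not part of the thread or of any poster's configuration: `permit ip any host <address>` bound inbound on the outside interface admits every IP protocol and port to that address, so a check like the one below can flag such entries when reviewing a PIX configuration. The sample configuration is constructed, uses the documentation range 203.0.113.0/24 in place of the masked addresses, and the function names and the `webonly` list are hypothetical.

```python
import re

# Constructed sample in PIX 6.x syntax; 203.0.113.0/24 is a documentation
# range standing in for the masked addresses in the thread.
SAMPLE_CONFIG = """\
static (inside,outside) 203.0.113.3 203.0.113.2 netmask 255.255.255.255
access-list myacl permit ip any host 203.0.113.3
access-list webonly permit tcp any host 203.0.113.3 eq 443
access-list 100 permit ip 203.0.113.0 255.255.255.224 any
access-group myacl in interface outside
nat (inside) 0 access-list 100
"""

ACL_RE = re.compile(r"^access-list\s+(\S+)\s+(permit|deny)\s+(\S+)\s+(.*)$")
GROUP_RE = re.compile(r"^access-group\s+(\S+)\s+in\s+interface\s+(\S+)$")


def source_spec(tokens):
    """Return the source part of a rule: 'any', 'host A' or 'A MASK'."""
    if tokens[:1] == ["any"]:
        return "any"
    return " ".join(tokens[:2])


def broad_inbound_rules(config, interface="outside"):
    """Return (acl_name, line) for permit rules bound inbound to `interface`
    that allow protocol 'ip' (all protocols and ports) from any source."""
    lines = [l.strip() for l in config.splitlines() if l.strip()]
    # Only lists attached with access-group filter traffic on an interface;
    # a list used only by 'nat 0' (like 100 above) is not an inbound filter.
    bound = set()
    for line in lines:
        m = GROUP_RE.match(line)
        if m and m.group(2) == interface:
            bound.add(m.group(1))
    findings = []
    for line in lines:
        m = ACL_RE.match(line)
        if not m or m.group(1) not in bound or m.group(2) != "permit":
            continue
        src = source_spec(m.group(4).split())
        if m.group(3) == "ip" and src in ("any", "0.0.0.0 0.0.0.0"):
            findings.append((m.group(1), line))
    return findings


if __name__ == "__main__":
    for acl, rule in broad_inbound_rules(SAMPLE_CONFIG):
        print(f"{acl}: {rule}")
```
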

Thanks for your help. It is still not working though. Maybe I should start from the beginning.

I currently have a server 80.xxx.xxx.002

I have an IP range 80.xxx.xxx.000 - 80.xxx.xxx.031

I want to add my Cisco PIX without changing the server IP or subnetting, as I do not want to lose any IP addresses.

I have read many articles that suggest I need to use Proxy-Arping. How should I set up the server?

Assuming that your gateway is 80.XXX.XXX.001 and you can use 80.XXX.XXX.002 for the PIX outside interface:

----- PIX -----

no sysopt noproxyarp inside

ip address outside 80.XXX.XXX.002 255.255.255.224

ip address inside 10.1.1.1 255.255.255.0

access-list 100 permit ip 80.XXX.XXX.002 255.255.255.224 any

nat (inside) 0 access-list 100

route outside 0.0.0.0 0.0.0.0 80.XXX.XXX.001