Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
448
Views
0
Helpful
4
Replies

Proxyarp Question

j.allred
Level 1
Level 1

‎05-04-2004 11:34 AM - edited ‎03-09-2019 07:16 AM

We just switched to a PIX 515e and ran into the infamous proxyarp issue with our internal users loosing connectivity to servers that had static mappings in the PIX. (Mostly our Exchange server.) I turned off the proxyarp on the inside interface and the DMZ interface. This fixed the connectivity issues but created a new issue. We host our company web server on the DMZ and can no longer reach it from the internal network. If I turn proxyarp back on for the DMZ interface access to the company website returns but so do the connectivity issues. Anyone have a fix for this?

Labels:
0 Helpful
4 Replies 4

mvalentine
Level 1
Level 1

‎05-04-2004 11:49 AM

i ran into this as well, i added a static arp entry and it fixed my problem.

arp if_name ip_address mac_address

0 Helpful

j.allred
Level 1
Level 1
In response to mvalentine

‎05-04-2004 01:04 PM

Thanks for the response. I am somewhat new to this. Where would I apply this static arp? Inside, DMZ? The goal would be for the web server to be able to respond to requests from the internal network.

Thanks!!

0 Helpful

mvalentine
Level 1
Level 1
In response to j.allred

‎05-05-2004 04:56 AM

Sorry my first answer might be wrong. What exactly was the proxy arp problem, did you lose connectivety through the pix because the arp entries timed out or did you run into dns/web server connectivety issues like th eones in this lin

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a0080094aee.shtml

If it was the first (arp timeouts) then you need a static entry if not look at the link because I think it's what you're experiencing

0 Helpful

mvoight
Level 1
Level 1

‎05-17-2004 01:53 PM

When I most often see proxy arp issues, it is due to an incorrect use of the "static" command. For instance,

static (inside, dmz) if the address you are translating is actually that of a host on the dmz. In the latest PIX version, you can resolve this by making it "static (dmz,inside)". Generally, if the host is on the outermost interface of the pairing, then there is no need to NAT it in the first place.

So, before disabling proxy arp, examine your "static" statements and make sure you aren't trying to use static to nat the outermost host in the setup.

0 Helpful
Customers Also Viewed These Support Documents