Hello!
I had an issue when I setup AnyConnect for a client on a FTD firewall using FMC. The issue was that their ISP is handing out static IP addresses to all their clients on a shared /23 network. I didn't specify no-proxy-arp, and after a few hours, the ISP shut off our internet because it was screwing with all their other customers.
I apologize for not fully understanding Static vs Dynamic NAT, though I have a basic understanding. The instructions I've been using tell me to do a static NAT rule to specify no nat for internal traffic, but I want to setup a hairpin as well. The instructions tell me to do a dynamic NAT rule for the hairpin. I'm able to check the box for no-proxy-arp on the static NAT, but it's greyed out for the Dynamic NAT. Does dynamic NAT just not use proxy-arp? or does it need to use proxy arp? Or am I missing something else?
Thanks,
Andy