Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Create a new article
3223
Views
0
Helpful
0
Comments

The VPN tunnel does not come up on the ASA 5520 with Proxy ARP enabled on the outside interface

TCC_2
Level 10
Level 10

‎06-22-2009 05:30 PM - edited ‎03-08-2019 06:25 PM

Core issue

There are a few reasons that a VPN tunnel may not to come up on Adaptive Security Appliance (ASA). One reason might be the Proxy Address Resolution Protocol (ARP).

When a host sends IP traffic to another device on the same Ethernet network, the host needs to know the MAC address of the device. ARP is a Layer 2 (L2) protocol that resolves an IP address to a MAC address. A host sends an ARP request asking  Who is this IP address?

The device owning the IP address replies,  I own that IP address; here is my MAC address.

Proxy ARP is when a device responds to an ARP request with its own MAC address, even though the device does not own the IP address. The security appliance uses proxy ARP when you configure Network Address Translation (NAT) and specify a global address that is on the same network as the security appliance interface. The only way traffic can reach the hosts is if the security appliance uses proxy ARP to claim that the security appliance MAC address is assigned to destination global addresses.

Resolution

If there is a router sitting in front of ASA, disable Proxy ARP on the outside interface of ASA. It interferes with the ARP table on router.

To disable Proxy ARP, issue the no sysopt noproxyarp interface_name command.

Labels:
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents