01-27-2017 01:25 PM - edited 03-08-2019 09:05 AM
Hi,
Say I have 2 public IP subnets:
The subnet 1.2.50.1/24 is NEW, and being routed to me by the ISP. I'm seeing ARP requests come in when I do a debug arp:
arp-in: request at outside from 1.2.50.1 0005.8562.ddee for 1.2.50.100 0000.0000.0000 having smac 0005.8562.ddee dmac ffff.ffff.ffff
The issue is that, even with a NAT rule, I can't seem to get anything to actually load. What am I missing here? It's like the firewall can see the ARP request but isn't answering it.
My NAT rule:
nat (ASA_DMZ,outside) source static internal-haproxy-vip 1.2.50.100-vip service https https description NEW NETWORK TEST
Any ideas? I DID create a static route as well:
route outside 1.2.50.0 255.255.255.0 1.2.50.1 1
01-27-2017 03:13 PM
Hi
The new subnet is routed by your provider then everyone from outside can reach your firewall. You don't need to create a static route on ASA for this public subnet.
ASA isn't replying to ARP because you don't have a real interface within this subnet. To allow that you'll need to use the command arp permit-nonconnected
If you have created your NAT, do you see your traffic arriving on ASA? Did you do a test with packet-tracer as well to test your NAT?
Thanks
PS: Please don't forget to rate and mark as correct answer if this answered your question
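An added example, not part of the thread and not Cisco tooling: a Python script that scans a saved ASA configuration for the condition described in the answer above, a static NAT mapped address that lies outside every subnet connected on the mapped interface while arp permit-nonconnected is absent. The sample configuration is constructed; its interface address and object definitions are assumptions, and only the nat line and 1.2.50.100 come from the question.

```python
import ipaddress
import re

# Constructed sample: interface address and object definitions are assumed;
# only the nat line and 1.2.50.100 come from the question.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/0
 nameif outside
 ip address 198.51.100.2 255.255.255.248
object network internal-haproxy-vip
 host 10.0.0.10
object network 1.2.50.100-vip
 host 1.2.50.100
nat (ASA_DMZ,outside) source static internal-haproxy-vip 1.2.50.100-vip service https https
"""

def audit(config):
    """Return (permit_nonconnected_set, findings); each finding is
    (object, ip, interface) for a static-NAT mapped host outside every subnet
    connected on the mapped interface. Scope: host objects, 'source static'."""
    connected, hosts, nats = {}, {}, []
    nameif = obj = None
    permit = False
    for line in config.splitlines():
        s = line.strip()
        if not line.startswith(" "):      # a top-level line ends any sub-mode
            nameif = obj = None
        if s == "arp permit-nonconnected":
            permit = True
        elif m := re.match(r"object network (\S+)", s):
            obj = m[1]
        elif m := re.match(r"nameif (\S+)", s):
            nameif = m[1]
        elif (m := re.match(r"ip address (\S+) (\S+)", s)) and nameif:
            net = ipaddress.ip_network(f"{m[1]}/{m[2]}", strict=False)
            connected.setdefault(nameif, []).append(net)
        elif (m := re.match(r"host (\S+)", s)) and obj:
            hosts[obj] = ipaddress.ip_address(m[1])
        elif m := re.match(r"nat \(\S+?,(\S+?)\) source static \S+ (\S+)", s):
            nats.append((m[1], m[2]))     # (mapped interface, mapped object)
    findings = [(name, str(hosts[name]), ifc) for ifc, name in nats
                if name in hosts
                and not any(hosts[name] in n for n in connected.get(ifc, []))]
    return permit, findings

if __name__ == "__main__":
    permit, findings = audit(SAMPLE_CONFIG)
    for name, ip, ifc in findings:
        print(f"{name} ({ip}) not on a connected subnet of {ifc}; permit={permit}")
```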
01-27-2017 10:24 PM
You were correct, adding arp permit-nonconnected fixed it, thanks!
01-28-2017 07:20 AM
You're very welcome