Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2784
Views
9
Helpful
3
Replies

no ip redirects / no ip unreachables

cisco_lite
Level 1
Level 1

‎01-07-2009 12:14 PM - edited ‎03-06-2019 03:18 AM

Should 'no ip redirects' & 'no ip unreachables' be applied to all the interfaces of a router.

Is it applicable to ASA as well ?

Labels:
0 Helpful
3 Replies 3

Richard Burts
Hall of Fame
Hall of Fame

‎01-07-2009 12:26 PM

Redirects make sense on multi-access interfaces such as Ethernet and not so much on other types of interfaces (point to point, etc). So it makes sense to configure no ip redirects on all Ethernet interfaces but not so much sense on serial interfaces etc.

HTH

Rick

HTH

Rick

cisco_lite
Level 1
Level 1
In response to Richard Burts

‎01-07-2009 12:37 PM

And how about ip proxy-arp ?

0 Helpful

Jon Marshall
Hall of Fame
Hall of Fame
In response to cisco_lite

‎01-07-2009 12:45 PM

Well you certainly don't want to turn this off (sysopt proxy-arp) on an ASA interface that is doing NAT ie.

static (inside,outside) 212.12.1.1 192.168.5.1 netmask 255.255.255.255

you need the proxy-arp on the ASA or the static statement wouldn't work as the ASA needs to respond for addresses that are not actually connected to any interface.

As for internally, no in general you shouldn't need it as long as you are not relying on any internal clients resolving arp queries for clients it thinks are local but are actually on the other side of a router. Not as common as it used to be.

Jon

Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card