Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
290
Views
0
Helpful
1
Replies

PIX515: Disabled proxyarp answers (an on the wrong interface)

sebastiankoerner
Level 1
Level 1

‎04-06-2005 01:44 AM - edited ‎03-05-2019 11:29 AM

I posted this in the VPN Section some days ago. Maybe anyone here can help?

We are terminating an VPN (for CISCO VPN Client) on PIX515.

The Adresspool for the VPN is part of the ethernet1 (inside) pool and is not translated "nat (inside) 0 ...". The inside is configured for proxyarp. proxyarp is disabled for the outside interface.

Both Interfaces are on the same Broadcast-Network but with different IP Networks.

Now the problem: The PIX sends the data from the inside-Interface. But when it gets a arp-Request (for the VPN-Addresses) it answers on the outside interface and with the MAC Adress of the outside interface. As a result all packets to the VPN Clients are send to the outside-Interface where PIX refuses them "no xlate".

How can we avoid that PIX 515 uses proxyarp on the outside interface (even though it is disabled!)

Best Regards

Sebastian Koerner

Labels:
0 Helpful
1 Reply 1

lgijssel
Level 9
Level 9

‎04-06-2005 11:07 AM

Hi Sebastian,

Connecting a PIX with both interfaces to the same network is, unusual, to say the least.

I propose that you post your config so that we can have a better look.

Regards,

Leo

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card