Heads Up :
The post you are writing will appear in a public forum. Please ensure all content is appropriate for public consumption. Review the employee guidelines for the community here.
Hi Vijay,
I don’t think you understood what me or either document was talking about.
ASA won’t proxy arp for the entire subnet for the entire subnet by default. There is normally a NAT statement that makes ASA to proxy arp for an IP or a subnet....
My2Cents,
Not sure if this applies in your scenario as you are running legacy ASA 5510 which cannot running software version beyond 9.1.x. But if you are running ASA with software code >= 9.3.2 then ASA supports third-party clients for IKEv2 protoc...
My2Cents,
ASA would normally proxy-arp for IP addresses that are mentioned in the NAT statements.
The NAT you mentioned should only make ASA proxy-arp for 172.19.128.61.
Do you have an identity nat where the complete OUTSIDE subnet is mention...
My2Cents:
ASA is receiving delete from the peer device. In my opinion you should focus on peer device and if possible collect debugs from both end at the same time.
Hi Zach,
I have seen this in working couple of months back and TCP state bypass was resolving the given that the match policy for class map is using VPN subnets for IN-to-OUT and another one which matches VPN traffic (ESP Traffic) OUT-to-IN.
./Ad...
