static translations via OSPF 7.0(4) to 8.0(2) upgrade

Unanswered Question
Oct 21st, 2007
User Badges:

We have an ASA5520 running 7.0(4). This firewall has several static translations and it is announcing these out the outside interface via OSPF. I recently tried to upgrade to 8.0(2) and the firewall stopped announcing these translations. Why did this change?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
JORGE RODRIGUEZ Sun, 10/21/2007 - 17:41
User Badges:
  • Green, 3000 points or more

Matthew, refer to this thread as it seems you may have had the same issue with"sysopt noproxyarp outside" during upgrade process, if this is the case it is good for cisco to collect this info to try figuring out why this command is placed in fw when upgrading to 8.0 , this disables proxy arp , issue " show running-config sysopt" if seen as "sysopt noproxyarp outside" you must enable it by "no sysopt noproxyarp outside" in order for fw outside responds to arp request for your static translations to inside.


http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Security&topic=Firewalling&CommCmd=MB%3Fcmd%3Ddisplay_location%26location%3D.2cbe37a7

mmacdonald70 Mon, 11/03/2008 - 19:01
User Badges:

I know that this is an extremely old thread but I thought that I should answer anyway.


My issue wasn't with proxy arp, it was with OSPF. Either by design or "feature", ASA versions < 7.2(3) (I think) advertised static translations via ospf. For example if I had the following:


static (inside,outside) 11.11.11.11 10.10.10.10 netmask 255.255.255.255


The ASA would advertise 11.11.11.11/32 though the outside interface. When I upgraded to 8.0, I lost this functionality.

Actions

This Discussion