static translations via OSPF 7.0(4) to 8.0(2) upgrade

Unanswered Question
Oct 21st, 2007

We have an ASA5520 running 7.0(4). This firewall has several static translations and it is announcing these out the outside interface via OSPF. I recently tried to upgrade to 8.0(2) and the firewall stopped announcing these translations. Why did this change?

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
JORGE RODRIGUEZ Sun, 10/21/2007 - 17:41

Matthew, refer to this thread as it seems you may have had the same issue with"sysopt noproxyarp outside" during upgrade process, if this is the case it is good for cisco to collect this info to try figuring out why this command is placed in fw when upgrading to 8.0 , this disables proxy arp , issue " show running-config sysopt" if seen as "sysopt noproxyarp outside" you must enable it by "no sysopt noproxyarp outside" in order for fw outside responds to arp request for your static translations to inside.

http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Security&topic=Firewalling&CommCmd=MB%3Fcmd%3Ddisplay_location%26location%3D.2cbe37a7

mmacdonald70 Mon, 11/03/2008 - 19:01

I know that this is an extremely old thread but I thought that I should answer anyway.

My issue wasn't with proxy arp, it was with OSPF. Either by design or "feature", ASA versions < 7.2(3) (I think) advertised static translations via ospf. For example if I had the following:

static (inside,outside) 11.11.11.11 10.10.10.10 netmask 255.255.255.255

The ASA would advertise 11.11.11.11/32 though the outside interface. When I upgraded to 8.0, I lost this functionality.

Actions

This Discussion