cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
264
Views
0
Helpful
2
Replies

static translations via OSPF 7.0(4) to 8.0(2) upgrade

mmacdonald70
Level 1
Level 1

We have an ASA5520 running 7.0(4). This firewall has several static translations and it is announcing these out the outside interface via OSPF. I recently tried to upgrade to 8.0(2) and the firewall stopped announcing these translations. Why did this change?

2 Replies 2

JORGE RODRIGUEZ
Level 10
Level 10

Matthew, refer to this thread as it seems you may have had the same issue with"sysopt noproxyarp outside" during upgrade process, if this is the case it is good for cisco to collect this info to try figuring out why this command is placed in fw when upgrading to 8.0 , this disables proxy arp , issue " show running-config sysopt" if seen as "sysopt noproxyarp outside" you must enable it by "no sysopt noproxyarp outside" in order for fw outside responds to arp request for your static translations to inside.

http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Security&topic=Firewalling&CommCmd=MB%3Fcmd%3Ddisplay_location%26location%3D.2cbe37a7

Jorge Rodriguez

I know that this is an extremely old thread but I thought that I should answer anyway.

My issue wasn't with proxy arp, it was with OSPF. Either by design or "feature", ASA versions < 7.2(3) (I think) advertised static translations via ospf. For example if I had the following:

static (inside,outside) 11.11.11.11 10.10.10.10 netmask 255.255.255.255

The ASA would advertise 11.11.11.11/32 though the outside interface. When I upgraded to 8.0, I lost this functionality.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: