ASA 5520 and interface proxy arp setting

Unanswered Question
Jon Marshall Sat, 12/08/2007 - 11:13
User Badges:
  • Super Blue, 32500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

Hi


Proxy-arp allows the ASA device to respond to an ARP for hosts that are behind it. So if you have a static mapping eg.


static (inside,outside) 195.167.10.1 192.168.5.1 netmask 255.255.255.255


when a machines on the outside of the ASA arps for 195.167.10.1 the ASA replies with the MAC address of it's outside interface and then forwards the packet on to the internal address of 192.168.5.1.


Attached is a troubleshooting doc for ASA/Pix connectivity issues. Have a look at number 11 in the list which explains proxy-arp in a bit more detail.


http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a008009402f.shtml#trouble


HTH


Jon

Jon Marshall Sat, 12/08/2007 - 11:42
User Badges:
  • Super Blue, 32500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN


It depends on your static mappings ie. if you map things between the DMZ and the inside you would need it on the DMZ interface.


As for the inside, again it depends on whether you are wanting to present outside destinations as different addresses to your inside clients.


Jon


Jon

Actions

This Discussion