ASA 5520 and interface proxy arp setting

Jon Marshall Sat, 12/08/2007 - 11:13


Proxy-arp allows the ASA device to respond to an ARP for hosts that are behind it. So if you have a static mapping, e.g.

static (inside,outside) netmask

when a machine on the outside of the ASA arps for the ASA replies with the MAC address of its outside interface and then forwards the packet on to the internal address of

Attached is a troubleshooting doc for ASA/Pix connectivity issues. Have a look at number 11 in the list which explains proxy-arp in a bit more detail.



Jon Marshall Sat, 12/08/2007 - 11:42

It depends on your static mappings, i.e. if you map things between the DMZ and the inside you would need it on the DMZ interface.

As for the inside, again it depends on whether you are wanting to present outside destinations as different addresses to your inside clients.




