Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
997
Views
0
Helpful
3
Replies

ASA 5520 and interface proxy arp setting

sham
Level 1
Level 1

‎12-08-2007 09:45 AM - edited ‎03-11-2019 04:41 AM

What are the porpose of proxy arps setting, and how should be be setup?

Labels:
0 Helpful
3 Replies 3

Jon Marshall
Hall of Fame
Hall of Fame

‎12-08-2007 11:13 AM

Hi

Proxy-arp allows the ASA device to respond to an ARP for hosts that are behind it. So if you have a static mapping eg.

static (inside,outside) 195.167.10.1 192.168.5.1 netmask 255.255.255.255

when a machines on the outside of the ASA arps for 195.167.10.1 the ASA replies with the MAC address of it's outside interface and then forwards the packet on to the internal address of 192.168.5.1.

Attached is a troubleshooting doc for ASA/Pix connectivity issues. Have a look at number 11 in the list which explains proxy-arp in a bit more detail.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a008009402f.shtml#trouble

HTH

Jon

0 Helpful

sham
Level 1
Level 1
In response to Jon Marshall

‎12-08-2007 11:29 AM

Thankx for your reply, It looks like we have to enable ouside interface's proxy arps, but do we have to enable proxy arps for inside and dzm interfaces?

0 Helpful

Jon Marshall
Hall of Fame
Hall of Fame
In response to sham

‎12-08-2007 11:42 AM

It depends on your static mappings ie. if you map things between the DMZ and the inside you would need it on the DMZ interface.

As for the inside, again it depends on whether you are wanting to present outside destinations as different addresses to your inside clients.

Jon

Jon

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card