12-08-2007 09:45 AM - edited 03-11-2019 04:41 AM
What are the porpose of proxy arps setting, and how should be be setup?
12-08-2007 11:13 AM
Hi
Proxy-arp allows the ASA device to respond to an ARP for hosts that are behind it. So if you have a static mapping eg.
static (inside,outside) 195.167.10.1 192.168.5.1 netmask 255.255.255.255
when a machines on the outside of the ASA arps for 195.167.10.1 the ASA replies with the MAC address of it's outside interface and then forwards the packet on to the internal address of 192.168.5.1.
Attached is a troubleshooting doc for ASA/Pix connectivity issues. Have a look at number 11 in the list which explains proxy-arp in a bit more detail.
HTH
Jon
12-08-2007 11:29 AM
Thankx for your reply, It looks like we have to enable ouside interface's proxy arps, but do we have to enable proxy arps for inside and dzm interfaces?
12-08-2007 11:42 AM
It depends on your static mappings ie. if you map things between the DMZ and the inside you would need it on the DMZ interface.
As for the inside, again it depends on whether you are wanting to present outside destinations as different addresses to your inside clients.
Jon
Jon
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide