Richard Burts Wed, 01/07/2009 - 12:26
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

Redirects make sense on multi-access interfaces such as Ethernet and not so much on other types of interfaces (point to point, etc). So it makes sense to configure no ip redirects on all Ethernet interfaces but not so much sense on serial interfaces etc.


HTH


Rick

Jon Marshall Wed, 01/07/2009 - 12:45
User Badges:
  • Super Blue, 32500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

Well you certainly don't want to turn this off (sysopt proxy-arp) on an ASA interface that is doing NAT ie.


static (inside,outside) 212.12.1.1 192.168.5.1 netmask 255.255.255.255


you need the proxy-arp on the ASA or the static statement wouldn't work as the ASA needs to respond for addresses that are not actually connected to any interface.


As for internally, no in general you shouldn't need it as long as you are not relying on any internal clients resolving arp queries for clients it thinks are local but are actually on the other side of a router. Not as common as it used to be.


Jon

Actions

This Discussion