Issue with ASA

Feb 5th, 2009


I have an issue with my ASA where, if I point a default route from the WAN router to the firewall, I get incomplete ARP records on the router and I can't get to anything behind the firewall. But if I put the specific statics in to the subnets behind the firewall, everything works fine.

What is the problem with my firewall? Does it need proxy ARP enabling to respond on behalf of these subnets?





The issue is the ASA needs to know all the subnets that are behind the router. The firewall will "route" all IP traffic NOT known on the local subnets to the next hop layer 3 device = your router.

If you have 1 flat IP subnet, you should not have this issue. If you have multiple, the ASA needs to know where to hand off the traffic to.


kevinhobson2000 Thu, 02/05/2009 - 06:12


I mean the specific statics are on the router, so it has an ARP entry, but when this is changed to a default it relies on the firewall to resolve the ARP requests, which it isn't doing.

Would it need proxy ARP turning on or some other kind of config?



kevinhobson2000 Thu, 02/05/2009 - 07:10

Could it be a proxy ARP issue?

That's what it looks like?

Topology: router - switch - firewall.



In my opinion, I cannot see why the router would have any issues resolving ARP to any machine connected on the LAN - and then thinks it must use the firewall as a proxy ARP.

Unless the router only has 1 layer 3 IP interface, and you have multiple VLAN interfaces - and the layer 3 interfaces are on the firewall... but then you would just configure static routes pointing to the next layer 3 device that knows or has the directly connected networks - i.e. the firewall?

