cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
316
Views
0
Helpful
5
Replies

Issue with ASA

kevinhobson2000
Level 1
Level 1

Hi,

I have an issue with my ASA where if i point a default route from the WAN router to the firewall i get incomplete arp records on the router and i cant get to anything behind the firewall. But if i put the specific statics in to the subnets behind the firewall everything works fine.

What is the problem with my firewall does it need proxy arp enabling to respond on behalf of these subnets.

Thanks

Kev

5 Replies 5

andrew.prince
Level 10
Level 10

Kev,

Ths issue is the ASA needs to know all the subnets that are behind the router. The firewall will "route" all IP traffic NOT known on the local subnets to the next hop layer 3 device = your router.

If you have 1 flat IP subnet - you should not have this issue. If you have multiple - the asa needs to know where to hand off the traffic to.

HTH>

Hi,

I mean the specific statics are on the router so it has an arp entry but when this is changed to a default so it relies on the firewall to resolve the arp requests which it isnt doing.

Would it need proxy arp turning on or some other kind of config?

Cheers

Kev

Sounds to me you could have incorrect config issue. The router should not have to rely on the device for arp requests.

What is your topology like?

Could it be a proxy arp issue.

That what it looks like?

Topology router - Switch - Firewall.

Cheers

Kev

In my opionon, I cannot see why the router would have any issues resolving ARP to any machine connected on the LAN - and then thinks it must use the Firewall as a Proxy ARP.

Unless the router only has 1 layer 3 IP interface, and you have multiple VLAN interfaces - and the layer 3 interfaces are on the firewall......but then you would jusdt configure static routes pointing to the next layer 3 device that knows or has the directly connected networks - i.e the firewall?

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: