Issue with ASA

Unanswered Question
Feb 5th, 2009


I have an issue with my ASA where, if I point a default route from the WAN router to the firewall, I get incomplete ARP records on the router and I can't get to anything behind the firewall. But if I put the specific statics in to the subnets behind the firewall, everything works fine.

What is the problem with my firewall? Does it need proxy ARP enabling to respond on behalf of these subnets?



eddie.mitchell@... Thu, 02/05/2009 - 11:26


I am assuming the inside interface of the WAN router and the outside interface of the ASA share the same public address space? I am also assuming you are attempting to access RFC-1918 address space on the inside interface of the ASA?

To get traffic from a lower security interface (outside) to a higher security interface (inside) on PIX/ASA firewalls you need static statements.

kevinhobson2000 Thu, 02/05/2009 - 23:44


Hi, this is a customer of ours.

It's not a public; it's on a 10 range.

We supply them with internet access, but that is a different router.

Let me know any more info you need.



Pravin Phadte Fri, 02/06/2009 - 05:34

Please provide the configs.

It would help to narrow down the problem much better.

kevinhobson2000 Mon, 02/09/2009 - 00:50


Unfortunately I can't provide the configs because it's not our firewall.

All I can tell you is that there is a default route to the firewall which is advertised via BGP.

So traffic follows the default route, then follows the connected route because it is more specific than the default, so it is relying on ARP for the IP addresses, and they are incomplete for anything, it seems, behind the customer firewall.



