
Proxy ARP issues

Wantser1981_2
Level 1

Hi,

I am experiencing an issue with Proxy ARP in my network, but only for one server.

Our DG on our network is an ASA 8.0(3) that has Proxy ARP enabled due to allocating a portion of the same internal range to remote hosts.

I have one server on the network that is uncontactable, again on the same range, due to the ASA replying to the ARP request.

With the ARP on my machine flushed, pinging the server gets a reply on the first ping, then times out. Looking at an ethertrace from my machine, the server replies first, hence the successful response and then the ASA replies a couple of ms later causing the ping to fail and the server to become uncontactable.

At the moment the only way I can get round this is to put a static ARP entry on my machine and any other that wants to hit this server.

I have put a static entry in the ASA and not selected the PROXY ARP check box, but this makes no difference.

Interestingly, if I leave a constant ping going the server eventually responds, but periodically (randomly) falls off of the network for a random amount of time.

Any ideas?

Thanks
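
The double ARP reply seen in the trace described above can be detected automatically. This is an added example, not part of the original post: it parses raw ARP reply frames and reports any IP address answered by more than one MAC within a short window. All addresses, function names and sample frames are constructed for illustration, and frames are assumed to be untagged Ethernet.

```python
import struct
from collections import defaultdict

def _mac(b): return ":".join(f"{x:02x}" for x in b)
def _ip(b): return ".".join(str(x) for x in b)

def parse_arp_reply(frame):
    """Return (sender_mac, sender_ip) for an untagged Ethernet/IPv4 ARP reply, else None."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":   # EtherType 0x0806 = ARP
        return None
    fields = struct.unpack("!HHBBH", frame[14:22])
    if fields != (1, 0x0800, 6, 4, 2):   # Ethernet, IPv4, lengths 6/4, oper 2 = reply
        return None
    return _mac(frame[22:28]), _ip(frame[28:32])

def find_conflicts(packets, window=1.0):
    """packets: (timestamp_seconds, raw_frame) pairs. Returns {ip: [MACs in arrival
    order]} for each IP answered by more than one MAC within `window` seconds."""
    seen = defaultdict(list)   # ip -> [(timestamp, mac)] of replies seen so far
    conflicts = {}
    for ts, frame in sorted(packets, key=lambda p: p[0]):
        parsed = parse_arp_reply(frame)
        if parsed is None:
            continue
        smac, sip = parsed
        for prev_ts, prev_mac in seen[sip]:
            if prev_mac != smac and ts - prev_ts <= window:
                macs = conflicts.setdefault(sip, [])
                for m in (prev_mac, smac):
                    if m not in macs:
                        macs.append(m)
        seen[sip].append((ts, smac))
    return conflicts

def build_reply(sender_mac, sender_ip, target_mac, target_ip):
    """Build a 42-byte ARP reply frame (used only to construct the sample input)."""
    sm, tm = (bytes.fromhex(m.replace(":", "")) for m in (sender_mac, target_mac))
    si, ti = (bytes(map(int, a.split("."))) for a in (sender_ip, target_ip))
    return tm + sm + b"\x08\x06" + struct.pack("!HHBBH", 1, 0x0800, 6, 4, 2) + sm + si + tm + ti

# Constructed sample: the server answers first, the firewall answers 3 ms later.
SERVER, FIREWALL, HOST, CLIENT = (f"02:00:00:00:00:{n}" for n in ("50", "01", "60", "10"))
SAMPLE = [
    (0.000, build_reply(SERVER, "192.0.2.50", CLIENT, "192.0.2.10")),
    (0.003, build_reply(FIREWALL, "192.0.2.50", CLIENT, "192.0.2.10")),
    (0.500, build_reply(HOST, "192.0.2.60", CLIENT, "192.0.2.10")),
]

if __name__ == "__main__":
    print(find_conflicts(SAMPLE))
```

The same check also flags ARP spoofing, since both conditions show up on the wire as two different MAC addresses claiming one IP.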

4 Replies

Giuseppe Larosa
Hall of Fame

Hello Andrew,

>> Interestingly, if I leave a constant ping going the server eventually responds, but periodically (randomly) falls off of the network for a random amount of time.

This should happen when the ARP entry expires in its (host's) table.

>> With the ARP on my machine flushed, pinging the server gets a reply on the first ping, then times out.

The correct ARP entry is overridden by another device, the ASA.

>> I have put a static entry in the ASA and not selected the PROXY ARP check box, but this makes no difference.

All the other hosts that need to reach the affected server need the static entry; this is a high price to pay.

>> to allocating a portion of the same internal range to remote hosts.

This is the root cause of the problems: use different IP subnets on remote sites and you will get the right fix, because issues like this can arise in the near future.

So a network design review is recommended.

Hope to help

Giuseppe

Thanks Giuseppe,

The points you have raised I have already come to those conclusions. What we cannot do is redesign the network because of one server.

I guess my question is, how can I stop the ASA Proxy arping for a particular address?

It is most odd that this is only from one server, when we have many on the LAN that do not experience this issue.

It may be that I need to add a static entry to the switches so that the resolution is known and the broadcast is not required.

Thanks

Andrew

Hello Andrew,

Each IP host has its own ARP table, and so you would need an ARP static entry on each device.

Adding the entry on the switches is not enough unless they are the gateways for the server.

This would fix communications coming from another IP subnet.

The ASA can be configured with proxy ARP disabled or enabled but not to add an exception to Proxy ARP.

Hope to help

Giuseppe

Any idea why this is happening for one server only?

Andrew
