Possible issue with Proxy Arp on a Pix

Unanswered Question
Apr 26th, 2006

I was working on a PIX today that had its internal interface connected to a heavily used server segment. After adding a static translation to the PIX, the server segment started having issues. We are thinking that after adding the static, it turned on proxy ARP and started answering requests for all IP addresses... Has anyone else seen this?

Fernando_Meza Wed, 04/26/2006 - 17:44

Have you set up the max-conn or emb-limit options when you created the static NAT? If you did, please see below:


Specifies the maximum number of embryonic connections per host. An embryonic connection is a connection request that has not finished the necessary handshake between source and destination. Set a small value for slower systems, and a higher value for faster systems. The default is 0, which means unlimited embryonic connections.

max_conns: Specifies the maximum number of simultaneous TCP and UDP connections for the entire subnet. The default is 0, which means unlimited connections. (Idle connections are closed after the idle timeout specified by the timeout conn command.)

Note: This option does not apply to outside NAT. The firewall only tracks connections from a higher security interface to a lower security interface. If you set max_conns for outside NAT, the max_conns option is ignored.
