Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

ASA 5520 and interface proxy arp setting

What are the porpose of proxy arps setting, and how should be be setup?

3 REPLIES
Hall of Fame Super Blue

Re: ASA 5520 and interface proxy arp setting

Hi

Proxy-arp allows the ASA device to respond to an ARP for hosts that are behind it. So if you have a static mapping eg.

static (inside,outside) 195.167.10.1 192.168.5.1 netmask 255.255.255.255

when a machines on the outside of the ASA arps for 195.167.10.1 the ASA replies with the MAC address of it's outside interface and then forwards the packet on to the internal address of 192.168.5.1.

Attached is a troubleshooting doc for ASA/Pix connectivity issues. Have a look at number 11 in the list which explains proxy-arp in a bit more detail.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a008009402f.shtml#trouble

HTH

Jon

New Member

Re: ASA 5520 and interface proxy arp setting

Thankx for your reply, It looks like we have to enable ouside interface's proxy arps, but do we have to enable proxy arps for inside and dzm interfaces?

Hall of Fame Super Blue

Re: ASA 5520 and interface proxy arp setting

It depends on your static mappings ie. if you map things between the DMZ and the inside you would need it on the DMZ interface.

As for the inside, again it depends on whether you are wanting to present outside destinations as different addresses to your inside clients.

Jon

Jon

805
Views
0
Helpful
3
Replies
CreatePlease login to create content