
Does ASA respond to ARP requests?

Hi All,

I have 2 5520 ASAs for serving remote access VPN sessions. I have configured the switch ports for both ASAs in a community private vlan.

I have a need where the VPN clients need to talk to each other. If I reconfigure the ASA port to a regular switchport vlan, will the clients be able to talk to each other?

Does the ASA respond to ARP requests? Also, do I need to permit same security traffic in order for the clients to talk?

thanks,

2 REPLIES

Re: Does ASA respond to ARP requests?

Hello Meena,

"If I reconfigure the ASA port to a regular switchport vlan"

Why would you need that? An interface needs an IP address to have an ARP table, or function as proxy-ARP as requested.

If all you need is connectivity between outside VPN clients, all you need is same-security-traffic permit intra-interface.

Don't know if your ASAs are in failover mode, but assuming not, and if you need a VPN client connected to ASA X to be able to talk to a VPN client connected to Y, all you need is a simple static route in the firewalls.

Please describe more, if I have misunderstood the issue.

Regards

New Member

Re: Does ASA respond to ARP requests?

Yes, I misunderstood that hair-pinning the traffic and allowing the same-security interface traffic are the same. I did not want to hair-pin the traffic, but now I realize that they are 2 different things.

Also, the ASAs are in a cluster and so they are in a community VLAN for the VCA (heartbeats) to work.

I had to permit the same security interface traffic to solve the problem.

Thanks for your help.
