Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Issue with ASA

Hi,

I have an issue with my ASA where if i point a default route from the WAN router to the firewall i get incomplete arp records on the router and i cant get to anything behind the firewall. But if i put the specific statics in to the subnets behind the firewall everything works fine.

What is the problem with my firewall does it need proxy arp enabling to respond on behalf of these subnets.

Thanks

Kev

6 REPLIES

Re: Issue with ASA

Kevin,

I am assuming the inside interface of the WAN router and the outside interface of the ASA share the same public address space? I am also assuming you are attempting to access RFC-1918 address space on the inside interface of the ASA?

To get traffic from a lower security interface (outside) to a higher security interface (inside) on PIX/ASA firewalls you need static statements.

New Member

Re: Issue with ASA

Eddie,

Hi this is a customer of ours.

Its not a public its on a 10 range.

We supply them with internet access but that is a different router.

Let me know anymore info you need.

Cheers

Kev

Re: Issue with ASA

Kev,

Is "nat-control" enabled on the ASA?

Please reference the following document:

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a008046f31a.shtml#backinfo

Re: Issue with ASA

Plz provide the configs

it would help to narrow down the problem much better

New Member

Re: Issue with ASA

Hi,

Unfortunately i cant provide the configs because its not our firewall.

All i can tell you is that there is a default route to the firewall which is advertised via bgp.

So traffic follows the default route the follows the connected route because it is more specific than the default so it is relying on ARP for the ip addresses and they are incomplete for anything it seems behind the customer firewall.

Cheers

Kev

New Member

Re: Issue with ASA

Hi,

Did you ever resolve? Sounds somewhat familiar to a problem that I am having.

103
Views
0
Helpful
6
Replies
CreatePlease to create content