I'm having a problem with turning off Proxy ARP on the DMZ interface of my firewall. Right now I have 2 DMZs and I'm trying to turn Proxy ARP off on 1 of the interfaces. The reason I'm doing this is that we just recently upgraded our Citrix environment with 2 appliances called a Netscaler. They work together and need to communicate with each other so if one fails the other one takes over as the master.
The Netscalers are located in my DMZ and communicate with the outside world and the blade servers. Also located in the DMZ are a few other boxes, mainly my website server and email server. When I turn Proxy ARP off, everything within the DMZ loses some sort of communication. I have Solarwinds and HPinsight monitoring both of those servers and they lose connection to those devices on the DMZ. They list both nodes as down. Also my website goes down and my emails don't function properly. I can send an email from the Inside world to the outside world (gmail+blackberry) but when I try to send them back it doesn't get delivered. It ends up getting queued until I turn Proxy ARP back on and everything gets full connectivity. If I was to guess, it sounds like it's mainly the communication with the DMZ to the Inside network.
I'm trying to work with Cisco techs but they haven't been helpful thus far. I've been advised to put the Netscalers on a separate interface from everything else and turn Proxy ARP off. 1 problem: I don't have any more interfaces on the PIX 515E. All are used up.
Has anybody run into anything like this before? I have a L3 switch on the inside network doing all of my routing. I also have a L2 switch in the DMZ where all of the devices are connected.