Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
665
Views
0
Helpful
1
Replies

Proxy ARP

kareem.afifi
Level 1
Level 1

‎04-09-2008 06:42 AM - edited ‎03-11-2019 05:29 AM

Greetings,

I'm having a problem with turning off Proxy ARP on the DMZ interface of my firewall. Right now I have 2 DMZ's and i'm trying to turn Proxy ARP off 1 of the interfaces. The reason i'm doing this is that we just recently upgraded our Citrix enivronment with 2 appliances called a Netscaler. The work together and need to communicate with each other so if one fails the other one takes over as the master.

The netscalers are located in my DMZ and communicate with the outside world and the blade servers. Also located in the DMZ are a few other boxes. Mainly my website server and email server. When I turn proxy arp off everything with in the DMZ loses some sort of communication. I have Solarwinds and HPinsight monitoring both of those servers and they lose connection to those devices on the DMZ. They list both nodes as down. Also my website goes down and my email's dont function proply. I can send an email from the Inside world to the outside world (gmail+blackberry) but when I try to send them back it it doesn't get delievered. It ends up getting queued until i turn proxy arp back on and everything gets full connectivity. If i was to guess it sounds like it's mainly the communication with the DMZ to the Inside network.

I'm trying to work with Cisco Tech's but they haven't been helpfull thus far. I've been advised to put the netscalers on a seperate interface from everything else and turn proxy arp off. 1 problem i don't have any more interfaces on teh PIX 515E. All are used up.

Has anybody run into anything like this before. I have a L3 switch on the inside network doing all of my routing. I also have a L2 switch in the DMZ where all of the devices are connected to.

Thanks for your help

Labels:
0 Helpful
1 Reply 1

rajbhatt
Level 3
Level 3

‎04-10-2008 03:35 AM

Hi ,

If u need to turn off proxy arp it has to be for all interfaces . U cannot turn it off for separate interfaces .Plz redesign the boxes .

Raj

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card