Cisco Support Community

Turn off proxy arp replies for same subnet

On a PIX-515 running 6(3)4 code, is there a way to prevent proxy arp responses for hosts on the same subnet? For example, one host wants to get to a website on another host on the same subnet. The first host sends a "who has" request and should get a response from the second host saying "me". What is happening intermittently is that the PIX is replying with its MAC address first. Is there a delay that can be inserted in the PIX's response, or turn it off completely for arp requests between hosts on the same subnet? I can't think of a reason why the PIX would respond.

Thanks in advance.

1 REPLY

Re: Turn off proxy arp replies for same subnet

sysopt noproxyarp

can disable proxy-ARPs on a PIX Firewall interface.

If you disable proxy-arp, then all this does is cause the PIX to ONLY respond to ARP requests for its interface address. Any ARP requests for a global IP in a static statement will be dropped.

If you disabled proxy-arp, then the upstream router (or device attempting to contact the global IP in the static statement) must either:

a) have a route to the global IP pointing to the PIX interface as the next hop

b) (if the global IP is on the same segment) then the device can use static ARP entries

Syed
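
One way to confirm the symptom described in this thread from a packet capture, shown as an added example that is not part of the original posts: the script lists every IP that received ARP replies from more than one MAC, which MAC answered first, and any MAC that answers on behalf of several other hosts. The capture lines, addresses and MACs are constructed, and the tcpdump-style line format is an assumption.

```python
import re
from collections import defaultdict

# Constructed tcpdump-style ARP replies (not from the original thread).
# 00:aa:00:00:00:01 stands in for the firewall; 00:bb:... are the real hosts.
SAMPLE = """\
10:00:00.100 ARP, Reply 10.1.1.1 is-at 00:aa:00:00:00:01, length 46
10:00:01.200 ARP, Reply 10.1.1.20 is-at 00:aa:00:00:00:01, length 46
10:00:01.201 ARP, Reply 10.1.1.20 is-at 00:bb:00:00:00:20, length 46
10:00:02.300 ARP, Reply 10.1.1.30 is-at 00:bb:00:00:00:30, length 46
10:00:02.302 ARP, Reply 10.1.1.30 is-at 00:aa:00:00:00:01, length 46
10:00:03.400 ARP, Reply 10.1.1.40 is-at 00:bb:00:00:00:40, length 46
"""

REPLY = re.compile(r"ARP, Reply (\d+\.\d+\.\d+\.\d+) is-at ([0-9a-f:]{17})", re.I)


def analyze(text):
    """Return (conflicts, suspects).

    conflicts: IP -> MACs that answered for it, in order of first reply,
               only for IPs answered by more than one MAC.
    suspects:  MACs involved in conflicts for two or more IPs, which is
               the pattern a proxy ARP responder produces.
    """
    answered = defaultdict(list)
    for line in text.splitlines():
        m = REPLY.search(line)
        if not m:
            continue  # ignore requests and non-ARP lines
        ip, mac = m.group(1), m.group(2).lower()
        if mac not in answered[ip]:
            answered[ip].append(mac)

    conflicts = {ip: macs for ip, macs in answered.items() if len(macs) > 1}

    counts = defaultdict(int)
    for macs in conflicts.values():
        for mac in macs:
            counts[mac] += 1
    suspects = sorted(mac for mac, n in counts.items() if n > 1)
    return conflicts, suspects


if __name__ == "__main__":
    conflicts, suspects = analyze(SAMPLE)
    for ip, macs in conflicts.items():
        print(f"{ip}: answered by {macs}, first reply from {macs[0]}")
    print("likely proxy ARP responder(s):", suspects)
```

Running the same analysis on a capture taken after the change should return no conflicts and no suspects.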
