Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

no ip redirects / no ip unreachables

Should 'no ip redirects' & 'no ip unreachables' be applied to all the interfaces of a router.

Is it applicable to ASA as well ?

Hall of Fame Super Silver

Re: no ip redirects / no ip unreachables

Redirects make sense on multi-access interfaces such as Ethernet and not so much on other types of interfaces (point to point, etc). So it makes sense to configure no ip redirects on all Ethernet interfaces but not so much sense on serial interfaces etc.



New Member

Re: no ip redirects / no ip unreachables

And how about ip proxy-arp ?

Hall of Fame Super Blue

Re: no ip redirects / no ip unreachables

Well you certainly don't want to turn this off (sysopt proxy-arp) on an ASA interface that is doing NAT ie.

static (inside,outside) netmask

you need the proxy-arp on the ASA or the static statement wouldn't work as the ASA needs to respond for addresses that are not actually connected to any interface.

As for internally, no in general you shouldn't need it as long as you are not relying on any internal clients resolving arp queries for clients it thinks are local but are actually on the other side of a router. Not as common as it used to be.