02-05-2009 06:02 AM - edited 03-11-2019 07:46 AM
Hi,
I have an issue with my ASA where if I point a default route from the WAN router to the firewall, I get incomplete ARP records on the router and I can't get to anything behind the firewall. But if I put the specific statics in to the subnets behind the firewall, everything works fine.
What is the problem with my firewall? Does it need proxy ARP enabling to respond on behalf of these subnets?
Thanks
Kev
02-05-2009 11:26 AM
Kevin,
I am assuming the inside interface of the WAN router and the outside interface of the ASA share the same public address space? I am also assuming you are attempting to access RFC-1918 address space on the inside interface of the ASA?
To get traffic from a lower security interface (outside) to a higher security interface (inside) on PIX/ASA firewalls you need static statements.
02-05-2009 11:44 PM
Eddie,
Hi, this is a customer of ours.
It's not a public; it's on a 10 range.
We supply them with internet access, but that is a different router.
Let me know any more info you need.
Cheers
Kev
02-06-2009 05:26 AM
Kev,
Is "nat-control" enabled on the ASA?
Please reference the following document:
02-06-2009 05:34 AM
Please provide the configs.
It would help to narrow down the problem much better.
02-09-2009 12:50 AM
Hi,
Unfortunately I can't provide the configs because it's not our firewall.
All I can tell you is that there is a default route to the firewall which is advertised via BGP.
So traffic follows the default route, then follows the connected route because it is more specific than the default, so it is relying on ARP for the IP addresses, and they are incomplete for anything, it seems, behind the customer firewall.
Cheers
Kev
02-18-2009 11:18 AM
Hi,
Did you ever resolve? Sounds somewhat familiar to a problem that I am having.