Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Proxy arp on a firewall

Hello All,

Could you tell me the reason behind enabling proxy arp on the PIX ?

What is its significance?

Thanks

Iyer

1 REPLY
Hall of Fame Super Blue

Re: Proxy arp on a firewall

Hi

Arp is used to obtain a mac address from an IP address. For a machine to send a packet to another machine on the same network it needs to obtain the mac-address of that machine.

Now lets say you have this statement on your pix

static (inside,outside) 206.156.17.1 192.168.1.2 netmask 255.255.255.255

which says present the internal address of 192.168.1.2 as a public ip address 206.156.17.1 to users on the outside of the pix.

Proxy arp allows the pix to respond to arp requests for hosts behind it. So when an arp request is made for 206.156.17.1 the pix will respond with it's own mac-address, receive the IP packets and forward them on to the internal host 192.168.1.2.

Without proxy arp outside hosts would not be able to reach the 192.168.1.2 server.

HTH

Jon

446
Views
9
Helpful
1
Replies
CreatePlease to create content