
sysopt noproxyarp

navnit
Level 1

Hi,

I have the following PIX appliance:

-------------------------------------
Cisco PIX Security Appliance Software Version 7.0(4)
Device Manager Version 5.0(4)
Compiled on Thu 13-Oct-05 21:43 by builders
System image file is "flash:/image"
Config file at boot was "startup-config"
Hardware: PIX-515E, 64 MB RAM, CPU Pentium II 433 MHz
Flash E28F128J3 @ 0xfff00000, 16MB
BIOS Flash AM29F400B @ 0xfffd8000, 32KB
0: Ext: Ethernet0 : address is 0017.9514.7706, irq 10
1: Ext: Ethernet1 : address is 0017.9514.7707, irq 11
2: Ext: Ethernet2 : address is 000e.0caf.f2ee, irq 11
Licensed features for this platform:
Maximum Physical Interfaces : 3
Maximum VLANs : 10
Inside Hosts : Unlimited
Failover : Disabled
VPN-DES : Enabled
VPN-3DES-AES : Enabled
Cut-through Proxy : Enabled
Guards : Enabled
URL Filtering : Enabled
Security Contexts : 0
GTP/GPRS : Disabled
VPN Peers : Unlimited
This platform has a Restricted (R) license.
-------------------------------------

By default in this version, "sysopt noproxyarp <int>" has been enabled. The problem with this default setting is that static one-to-one NAT is not happening. I'm not even getting the ARP of the natted IP in the appliance itself.

But if I apply "no sysopt noproxyarp <int>", static one-to-one NAT is happening and I am also getting the ARP of the natted IP in the appliance. Please let me know what the reason behind this is.

1 Reply

Fernando_Meza
Level 7

Hi, by adding the command no sysopt noproxyarp you are actually allowing the firewall to do proxy ARPs on behalf of your hosts, which should be the correct setup and the default setup. However, as you have done, I have found instances when I have to do a no sysopt noproxyarp manually (allowing the PIX to respond to ARP requests on the respective interface).

I hope it helps ... please rate if it does!
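
The interaction discussed in this thread can be checked in a saved configuration. The following is an added example, not part of the original posts and not Cisco code: a small audit that flags static NAT entries whose mapped interface has proxy ARP disabled. The function name `audit_proxy_arp` is hypothetical, and the sample configuration is constructed with documentation-range addresses.

```python
import re

# Constructed sample configuration (documentation-range addresses, not from the thread).
SAMPLE_CONFIG = """\
interface Ethernet0
 nameif outside
 ip address 203.0.113.1 255.255.255.0
interface Ethernet1
 nameif inside
 ip address 192.168.1.1 255.255.255.0
sysopt noproxyarp outside
static (inside,outside) 203.0.113.10 192.168.1.10 netmask 255.255.255.255
static (inside,outside) tcp interface www 192.168.1.20 www netmask 255.255.255.255
static (outside,inside) 192.168.1.50 198.51.100.7 netmask 255.255.255.255
"""

# "sysopt noproxyarp <ifc>" disables proxy ARP; the "no" form re-enables it.
NOPROXY_RE = re.compile(r"^(no\s+)?sysopt\s+noproxyarp\s+(\S+)\s*$")
# static (real_ifc,mapped_ifc) [tcp|udp] mapped_ip ...
STATIC_RE = re.compile(r"^static\s+\((\S+?),(\S+?)\)\s+(?:(?:tcp|udp)\s+)?(\S+)")

def audit_proxy_arp(config_text):
    """Return (mapped_ifc, mapped_ip) for statics on interfaces with proxy ARP off."""
    disabled, statics = set(), []
    for raw in config_text.splitlines():
        line = raw.strip()
        m = NOPROXY_RE.match(line)
        if m:
            negated, ifc = m.groups()
            if negated:
                disabled.discard(ifc)
            else:
                disabled.add(ifc)
            continue
        m = STATIC_RE.match(line)
        if m:
            statics.append(m.groups())
    findings = []
    for _real_ifc, mapped_ifc, mapped_ip in statics:
        # The firewall always answers ARP for its own interface address,
        # so "interface" mappings are unaffected by noproxyarp.
        if mapped_ip == "interface":
            continue
        if mapped_ifc in disabled:
            findings.append((mapped_ifc, mapped_ip))
    return findings

if __name__ == "__main__":
    for ifc, ip in audit_proxy_arp(SAMPLE_CONFIG):
        print(f"static mapped IP {ip} on '{ifc}': proxy ARP disabled, neighbors cannot resolve it")
```

A finding only matters when the mapped address lies in the directly connected subnet of that interface; an address that the upstream router reaches via a route pointing at the firewall does not depend on proxy ARP.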