Does the ASA issue a gratuitous ARP for connected VPN clients when using the group policy VLAN command?
I understand how to separate VPN clients to specific tunnel groups and to a specific VLAN on the inside, but if I have multiple groups and VLANs with overlapping routes that point to separate FWs, can I avoid the use of internal facing routes (since there is only one routing table) and just let the ASA dump the traffic into the specified VLAN and let gratuitous ARP entries (via static NAT) on the FW, that is on the same VLAN, take it from there? On the return path, does the ASA issue a gratuitous ARP on the specified VLAN when the VPN client connects and is assigned a DHCP IP? I cannot find any clear documentation on this but it seems to make sense that this is what happens.
group-policy test2 attributes vlan ?? "Specify the VLAN onto which VPN traffic for this group will be forwarded."
I am having a similar issue as well.
I currently have two ASAs in a cluster to provide VPN connectivity. For simplicity let's call them ASA-1 and ASA-2. IP addresses are being assigned using local IP pools.
Here is the problem: if I VPN and connect to ASA-1, I will receive an IP address and be allowed to connect to the network fine. If I disconnect and then reconnect on ASA-2, I can receive the same IP address, however I cannot go anywhere on the network.
Upon further investigation of our router (which is the 1st internal hop for both ASAs), it was discovered that the ARP cache still had an IP address mapping to the original ASA (ASA-1). The ARP cache never updated when I connected to ASA-2. If I get a network admin to remove the ARP entry from the router, it automatically learns the correct ARP mapping to ASA-2.
I believe the answer would be to have the ASAs send out a gratuitous ARP (or a simple ARP reply) when a VPN client connects.
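The stale-mapping condition described in the reply above can be checked for from the router side. The following is an added example, not part of the original thread: it parses IOS-style `show ip arp` output and flags pool addresses whose cached MAC belongs to a different ASA than the one currently terminating the session. The MAC addresses, pool addresses, VLAN name and session list are all constructed sample values.

```python
import re

# Constructed sample of "show ip arp" output from the first-hop router.
SHOW_IP_ARP = """\
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  10.10.50.1              -   0000.0c9f.f001  ARPA   Vlan50
Internet  10.10.50.21            37   0011.aaaa.0001  ARPA   Vlan50
Internet  10.10.50.22             2   0011.bbbb.0002  ARPA   Vlan50
Internet  10.10.50.23            12   0011.aaaa.0001  ARPA   Vlan50
"""

# Constructed inventory: inside-interface MAC of each ASA (hypothetical values).
ASA_MACS = {"ASA-1": "0011.aaaa.0001", "ASA-2": "0011.bbbb.0002"}

# Constructed session list: pool IP -> ASA currently terminating that client.
SESSIONS = {"10.10.50.21": "ASA-2", "10.10.50.22": "ASA-2", "10.10.50.23": "ASA-1"}

ARP_LINE = re.compile(
    r"^Internet\s+(\d+\.\d+\.\d+\.\d+)\s+(\S+)\s+"
    r"([0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})\s+ARPA\s+(\S+)", re.I)

def parse_arp(text):
    """Return {ip: {"age": minutes or None, "mac": str, "iface": str}}."""
    table = {}
    for line in text.splitlines():
        m = ARP_LINE.match(line.strip())
        if m:
            ip, age, mac, iface = m.groups()
            table[ip] = {"age": None if age == "-" else int(age),
                         "mac": mac.lower(), "iface": iface}
    return table

def find_stale(arp_table, sessions, asa_macs):
    """List pool IPs whose cached MAC is not the ASA that holds the session."""
    mac_to_asa = {mac.lower(): name for name, mac in asa_macs.items()}
    findings = []
    for ip, asa in sorted(sessions.items()):
        entry = arp_table.get(ip)
        if entry is None:
            continue  # no cached entry: the router will ARP and learn the owner
        if entry["mac"] != asa_macs[asa].lower():
            findings.append({"ip": ip, "expected": asa,
                             "cached": mac_to_asa.get(entry["mac"], entry["mac"]),
                             "age_min": entry["age"], "iface": entry["iface"]})
    return findings

if __name__ == "__main__":
    for f in find_stale(parse_arp(SHOW_IP_ARP), SESSIONS, ASA_MACS):
        print("stale ARP: {ip} cached on {cached}, session on {expected} "
              "(age {age_min} min, {iface})".format(**f))
```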