Cisco ASA 5505 Configuration Manual page 363


Chapter 18
Information About Routing
Disabling Proxy ARPs
When a host sends IP traffic to another device on the same Ethernet network, the host needs to know the
MAC address of the device. ARP is a Layer 2 protocol that resolves an IP address to a MAC address. A
host sends an ARP request asking "Who is this IP address?" The device owning the IP address replies,
"I own that IP address; here is my MAC address."
Proxy ARP is used when a device responds to an ARP request with its own MAC address, even though
the device does not own the IP address. The adaptive security appliance uses proxy ARP when you
configure NAT and specify a mapped address that is on the same network as the adaptive security
appliance interface. The only way traffic can reach the hosts is if the adaptive security appliance uses
proxy ARP to claim that the adaptive security appliance MAC address is assigned to destination mapped
addresses.
In rare circumstances, you might want to disable proxy ARP for NAT addresses.
If you have a VPN client address pool that overlaps with an existing network, the adaptive security
appliance by default sends proxy ARPs on all interfaces. If you have another interface that is on the same
Layer 2 domain, it will see the ARP requests and will answer with the MAC address of its interface. The
result of this is that the return traffic of the VPN clients towards the internal hosts will go to the wrong
interface and will get dropped. In this case, you need to disable proxy ARPs for the interface where you
do not want proxy ARPs.
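The condition described above can be confirmed from a packet capture before you change the setting. The following is an added example, not part of the Cisco guide: it scans `tcpdump -n arp` style text for VPN pool addresses that are answered by more than one MAC address. It assumes the capture was taken on the shared Layer 2 segment; the pool 192.168.10.200/29, the MAC addresses, and the sample lines are constructed.

```python
import ipaddress
import re
from collections import defaultdict

# Matches ARP reply lines as printed by `tcpdump -n arp`.
ARP_REPLY = re.compile(
    r"ARP, Reply (\d+\.\d+\.\d+\.\d+) is-at ((?:[0-9a-f]{2}:){5}[0-9a-f]{2})",
    re.IGNORECASE,
)

# Constructed sample capture: two interfaces (02:00:00:aa:00:01 and
# 02:00:00:aa:00:02) both claim the VPN client address 192.168.10.201.
SAMPLE_CAPTURE = """\
10:15:01.100201 ARP, Request who-has 192.168.10.201 tell 192.168.10.20, length 46
10:15:01.100544 ARP, Reply 192.168.10.201 is-at 02:00:00:aa:00:01, length 46
10:15:01.100731 ARP, Reply 192.168.10.201 is-at 02:00:00:AA:00:02, length 46
10:15:04.250010 ARP, Request who-has 192.168.10.20 tell 192.168.10.1, length 46
10:15:04.250390 ARP, Reply 192.168.10.20 is-at 52:54:00:12:34:56, length 46
10:15:09.700120 ARP, Reply 192.168.10.202 is-at 02:00:00:aa:00:01, length 46
10:15:09.900000 IP 192.168.10.20.5353 > 224.0.0.251.5353: UDP, length 45
"""


def find_conflicting_answers(capture_text, vpn_pool):
    """Return {ip: sorted MACs} for pool addresses answered by more than one MAC."""
    pool = ipaddress.ip_network(vpn_pool)
    answers = defaultdict(set)
    for line in capture_text.splitlines():
        match = ARP_REPLY.search(line)
        if not match:
            continue  # requests and non-ARP lines carry no ownership claim
        ip = ipaddress.ip_address(match.group(1))
        if ip in pool:
            # Normalize case so the same MAC is not counted twice.
            answers[str(ip)].add(match.group(2).lower())
    return {ip: sorted(macs) for ip, macs in answers.items() if len(macs) > 1}


if __name__ == "__main__":
    conflicts = find_conflicting_answers(SAMPLE_CAPTURE, "192.168.10.200/29")
    for ip, macs in conflicts.items():
        print(f"{ip} answered by {len(macs)} MACs: {', '.join(macs)}")
```

An address in the pool that appears in the result is being claimed by more than one interface, which is the case where proxy ARP should be disabled on the interface that must not answer.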
To disable proxy ARPs, go to the Configuration > Device Setup > Routing > Proxy ARPs pane.
Fields
Interface—Lists the interface names.
Proxy ARP Enabled—Shows whether proxy ARP is enabled or disabled for NAT global addresses, Yes or No.
Enable—Enables proxy ARP for the selected interface. By default, proxy ARP is enabled for all interfaces.
Disable—Disables proxy ARP for the selected interface.

Cisco ASA 5500 Series Configuration Guide using ASDM, OL-20339-01


This manual is also suitable for: ASA 5510, ASA 5540, ASA 5520, ASA 5550, ASA 5580
