[c-nsp] ASA 5510 - NAT

Joseph Jackson JJackson at aninetworks.com
Mon Aug 21 17:59:05 EDT 2006


I'd turn off proxyarp for all interfaces other than the outside
interface of course.  

> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net 
> [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Peder 
> @ NetworkOblivion
> Sent: Monday, August 21, 2006 11:01 AM
> To: Cisco-NSP Mailing List
> Subject: Re: [c-nsp] ASA 5510 - NAT
> 
> Let me guess, you have "alias" enabled, right?  If so, then 
> the "sysopt noproxyarp" listed below will fix it.  It is 
> obscurely listed in the docs somewhere that you need to 
> disable proxyarp if you use alias.
> 
> 
> Joseph Jackson wrote:
> > Try this on the interface giving you the problem.  Sysopt noproxyarp
> > (interface)
> > 
> >  
> > 
> >> -----Original Message-----
> >> From: cisco-nsp-bounces at puck.nether.net 
> >> [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Gordon 
> >> Bezzina
> >> Sent: Monday, August 21, 2006 8:39 AM
> >> To: cisco-nsp at puck.nether.net
> >> Subject: [c-nsp] ASA 5510 - NAT
> >>
> >>
> >> Hi,
> >>
> >> Instead of jumping off a three-story building I'm gonna send this 
> >> email.
> >> Maybe someone will see what I am failing to!
> >>
> >> Anyhow, I got an ASA5510 PIX firewall. What is happening is that the 
> >> internal machines on the LAN are getting the mac address of the 
> >> internal firewall interface for the other machines.
> >>
> >> SO as you can see below:
> >>
> >> C:\Documents and Settings\Administrator>arp -a
> >>
> >> Interface: 172.21.100.130 --- 0x10003
> >>   Internet Address      Physical Address      Type
> >>   172.21.100.140        00-17-95-27-3f-80     dynamic
> >>   172.21.100.254        00-17-95-27-3f-80     dynamic
> >>
> >> Server with IP 172.21.100.130 cannot ping and work with 
> >> 172.21.100.140 Because it tries to use the same MAC address of the 
> >> firewall!!!
> >>
> >> Obviously if I do a static mac record to the arp table, it will work 
> >> fine But there must be something wrong here.
> >>
> >> Anyone got something similar?
> >>
> >> Any hints?
> >>
> >> Thanks/Regards
> >> Gordon
> >>
> >>
> >>
> >> _______________________________________________
> >> cisco-nsp mailing list  cisco-nsp at puck.nether.net 
> >> https://puck.nether.net/mailman/listinfo/cisco-nsp
> >> archive at http://puck.nether.net/pipermail/cisco-nsp/
> >>
> > 
> > 
> 
> -- 
> 
> Network stuff you didn't know....
> http://www.networkoblivion.com
> 
> 
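The symptom in the original post, one MAC address answering for several LAN hosts, can be checked for mechanically. The following is an added example, not part of the thread: it parses Windows `arp -a` output and reports any unicast MAC that appears for more than one IP on an interface. The function names and the 172.21.100.150 entry are constructed for illustration.

```python
import re
from collections import defaultdict

# Sample input: the `arp -a` output quoted in the thread, plus one constructed
# entry (172.21.100.150) standing in for a host that resolved normally.
SAMPLE = """\
Interface: 172.21.100.130 --- 0x10003
  Internet Address      Physical Address      Type
  172.21.100.140        00-17-95-27-3f-80     dynamic
  172.21.100.254        00-17-95-27-3f-80     dynamic
  172.21.100.150        00-0c-29-aa-bb-cc     dynamic
"""

IFACE_RE = re.compile(r"^Interface:\s+(\d+\.\d+\.\d+\.\d+)")
ENTRY_RE = re.compile(
    r"^\s*(\d+\.\d+\.\d+\.\d+)\s+((?:[0-9a-f]{2}-){5}[0-9a-f]{2})\s+(\w+)\s*$",
    re.IGNORECASE,
)

def is_group_mac(mac):
    # Broadcast/multicast MACs have the low bit of the first octet set;
    # many IPs legitimately map to them, so they are not a finding.
    return int(mac[:2], 16) & 1 == 1

def parse_arp(text):
    """Return {interface_ip: {mac: [ip, ...]}} for dynamic unicast entries."""
    tables = defaultdict(lambda: defaultdict(list))
    iface = None
    for line in text.splitlines():
        m = IFACE_RE.match(line)
        if m:
            iface = m.group(1)
            continue
        m = ENTRY_RE.match(line)
        if not m or iface is None:
            continue  # column header, blank line, or entry before any interface
        ip, mac, kind = m.group(1), m.group(2).lower(), m.group(3).lower()
        if kind == "dynamic" and not is_group_mac(mac):
            tables[iface][mac].append(ip)
    return tables

def shared_macs(text):
    """List (interface, mac, sorted ips) where one MAC answers for several IPs."""
    return [(iface, mac, sorted(set(ips)))
            for iface, macs in parse_arp(text).items()
            for mac, ips in macs.items() if len(set(ips)) > 1]

if __name__ == "__main__":
    for iface, mac, ips in shared_macs(SAMPLE):
        print(f"{iface}: {mac} answers for {', '.join(ips)}")
```

A hit that includes the default gateway's address, as 172.21.100.254 does here, points at the gateway device answering ARP on behalf of other hosts; a shared MAC that does not belong to the gateway is worth investigating as possible ARP spoofing.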


