[c-nsp] ASA 5510 - NAT
Francois Corthésy
fc at deckpoint.com
Mon Aug 21 12:55:21 EDT 2006
Hi Gordon,
I truly don't know the 5510, but it sounds to me like you have something
like "ip local-proxy-arp" on the lan interface.
Or maybe something similar.
Francois Corthésy
Gordon Bezzina wrote:
> Hi,
>
> Instead of jumping off a three-story building I'm gonna send this email.
> Maybe someone will see what I am failing to!
>
> Anyhow, I got an ASA5510 PIX firewall. What is happening is that the
> internal machines on the LAN are getting the mac address of the internal
> firewall interface for the other machines.
>
> So as you can see below:
>
> C:\Documents and Settings\Administrator>arp -a
>
> Interface: 172.21.100.130 --- 0x10003
>   Internet Address      Physical Address      Type
>   172.21.100.140        00-17-95-27-3f-80     dynamic
>   172.21.100.254        00-17-95-27-3f-80     dynamic
>
> Server with IP 172.21.100.130 cannot ping and work with 172.21.100.140
> because it tries to use the same MAC address of the firewall!!!
>
> Obviously if I do a static MAC record to the ARP table, it will work fine,
> but there must be something wrong here.
>
> Anyone got something similar?
>
> Any hints?
>
> Thanks/Regards
> Gordon
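The symptom in the quoted `arp -a` output (several LAN addresses resolving to the firewall's MAC, the pattern a proxy-ARP responder would produce) can be checked for on any Windows host. The following is an added example, not part of the original thread: it parses `arp -a` text and reports each unicast MAC that answers for more than one IP. The sample table is constructed from the output quoted above plus one hypothetical entry (172.21.100.150).

```python
import re
from collections import defaultdict

# Constructed sample modelled on the `arp -a` output quoted in the thread,
# plus one hypothetical healthy entry (172.21.100.150) for contrast.
SAMPLE = """\
Interface: 172.21.100.130 --- 0x10003
  Internet Address      Physical Address      Type
  172.21.100.140        00-17-95-27-3f-80     dynamic
  172.21.100.150        00-0c-29-aa-bb-cc     dynamic
  172.21.100.254        00-17-95-27-3f-80     dynamic
"""

IFACE = re.compile(r"^Interface:\s+(\d+(?:\.\d+){3})")
ENTRY = re.compile(
    r"^\s*(\d+(?:\.\d+){3})\s+((?:[0-9a-f]{2}-){5}[0-9a-f]{2})\s+(\w+)", re.I)

def parse_arp(text):
    """Return {interface_ip: [(ip, mac, type), ...]} from Windows `arp -a` text."""
    tables, current = defaultdict(list), None
    for line in text.splitlines():
        if m := IFACE.match(line):
            current = m.group(1)
        elif current and (m := ENTRY.match(line)):
            tables[current].append(
                (m.group(1), m.group(2).lower(), m.group(3).lower()))
    return dict(tables)

def shared_macs(tables):
    """Return [(interface, mac, [ips])] for unicast MACs mapped to more than one IP."""
    findings = []
    for iface, entries in tables.items():
        by_mac = defaultdict(list)
        for ip, mac, _kind in entries:
            # Group bit set means broadcast/multicast; many IPs per MAC is normal there.
            if int(mac[:2], 16) & 1:
                continue
            by_mac[mac].append(ip)
        findings += [(iface, mac, sorted(ips))
                     for mac, ips in by_mac.items() if len(ips) > 1]
    return findings

if __name__ == "__main__":
    for iface, mac, ips in shared_macs(parse_arp(SAMPLE)):
        print(f"{iface}: {mac} answers for {', '.join(ips)}")
```

A finding that includes the default gateway's address points at the gateway answering ARP on behalf of other hosts; a finding that does not include it deserves a closer look at which device owns that MAC.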