[c-nsp] ASA 5510 - NAT

Peder @ NetworkOblivion peder at networkoblivion.com
Mon Aug 21 14:01:19 EDT 2006


Let me guess, you have "alias" enabled, right?  If so, then the "sysopt 
noproxyarp" listed below will fix it.  It is obscurely listed in the 
docs somewhere that you need to disable proxyarp if you use alias.


Joseph Jackson wrote:
> Try this on the interface giving you the problem.  Sysopt noproxyarp
> (interface)
> 
>  
> 
>> -----Original Message-----
>> From: cisco-nsp-bounces at puck.nether.net 
>> [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Gordon Bezzina
>> Sent: Monday, August 21, 2006 8:39 AM
>> To: cisco-nsp at puck.nether.net
>> Subject: [c-nsp] ASA 5510 - NAT
>>
>>
>> Hi,
>>
>> Instead of jumping off a three-story building I'm gonna send 
>> this email.
>> Maybe someone will see what I am failing to!
>>
>> Anyhow, I got an ASA5510 PIX firewall. What is happening is 
>> that the internal machines on the LAN are getting the mac 
>> address of the internal firewall interface for the other machines.
>>
>> So, as you can see below:
>>
>> C:\Documents and Settings\Administrator>arp -a
>>
>> Interface: 172.21.100.130 --- 0x10003
>>   Internet Address      Physical Address      Type
>>   172.21.100.140        00-17-95-27-3f-80     dynamic
>>   172.21.100.254        00-17-95-27-3f-80     dynamic
>>
>> Server with IP 172.21.100.130 cannot ping and work with 
>> 172.21.100.140 because it tries to use the same MAC address 
>> of the firewall!!!
>>
>> Obviously, if I do a static MAC record to the ARP table, it 
>> will work fine, but there must be something wrong here.
>>
>> Anyone got something similar?
>>
>> Any hints?
>>
>> Thanks/Regards
>> Gordon
>>
>>
>>
>> _______________________________________________
>> cisco-nsp mailing list  cisco-nsp at puck.nether.net 
>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>> archive at http://puck.nether.net/pipermail/cisco-nsp/
>>
> 

-- 

Network stuff you didn't know....
http://www.networkoblivion.com
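
The symptom in the quoted `arp -a` output (two LAN addresses resolving to one MAC) can be checked for automatically; the following is an added example, not part of the original thread, that parses Windows `arp -a` text and reports every MAC answering for more than one IP. The function names and the `HEALTHY` table are assumptions constructed for illustration; `POSTED` is the table from the message above.

```python
import re
from collections import defaultdict

# One entry line of Windows `arp -a` output: IP, dash-separated MAC, type.
ENTRY = re.compile(
    r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+"
    r"([0-9a-fA-F]{2}(?:-[0-9a-fA-F]{2}){5})\s+(\w+)\s*$"
)

def parse_arp_table(text):
    """Return (ip, mac, type) tuples; header and Interface lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            entries.append((m.group(1), m.group(2).lower(), m.group(3).lower()))
    return entries

def shared_macs(entries):
    """Map each unicast MAC that answers for more than one IP to those IPs."""
    by_mac = defaultdict(list)
    for ip, mac, _type in entries:
        # Broadcast and IPv4 multicast entries legitimately share a MAC.
        if mac == "ff-ff-ff-ff-ff-ff" or mac.startswith("01-00-5e"):
            continue
        by_mac[mac].append(ip)
    return {mac: ips for mac, ips in by_mac.items() if len(ips) > 1}

# ARP table as posted in the quoted message.
POSTED = """\
Interface: 172.21.100.130 --- 0x10003
  Internet Address      Physical Address      Type
  172.21.100.140        00-17-95-27-3f-80     dynamic
  172.21.100.254        00-17-95-27-3f-80     dynamic
"""

# Constructed table: the same hosts, each with its own MAC (MAC for .140 is made up).
HEALTHY = """\
Interface: 172.21.100.130 --- 0x10003
  Internet Address      Physical Address      Type
  172.21.100.140        00-11-22-33-44-55     dynamic
  172.21.100.254        00-17-95-27-3f-80     dynamic
  172.21.100.255        ff-ff-ff-ff-ff-ff     static
"""

if __name__ == "__main__":
    for name, table in (("posted", POSTED), ("healthy", HEALTHY)):
        for mac, ips in shared_macs(parse_arp_table(table)).items():
            print(f"{name}: {mac} answers for {', '.join(ips)}")
```
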


