[c-nsp] ASA 5510 - NAT

Brant I. Stevens branto at branto.com
Mon Aug 21 18:42:10 EDT 2006


Also check to make sure that you don't have any static (inside,blah)
statements that are overlapping with the address space that is local to the
interface in question.


On 8/21/06 5:59 PM, "Joseph Jackson" <JJackson at aninetworks.com> wrote:

> I'd turn off proxyarp for all interfaces other than the outside
> interface of course.
> 
>> -----Original Message-----
>> From: cisco-nsp-bounces at puck.nether.net
>> [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Peder
>> @ NetworkOblivion
>> Sent: Monday, August 21, 2006 11:01 AM
>> To: Cisco-NSP Mailing List
>> Subject: Re: [c-nsp] ASA 5510 - NAT
>> 
>> Let me guess, you have "alias" enabled, right?  If so, then
>> the "sysopt noproxyarp" listed below will fix it.  It is
>> obscurely listed in the docs somewhere that you need to
>> disable proxyarp if you use alias.
>> 
>> 
>> Joseph Jackson wrote:
>>> Try this on the interface giving you the problem.  Sysopt noproxyarp
>>> (interface)
>>> 
>>>  
>>> 
>>>> -----Original Message-----
>>>> From: cisco-nsp-bounces at puck.nether.net
>>>> [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Gordon
>>>> Bezzina
>>>> Sent: Monday, August 21, 2006 8:39 AM
>>>> To: cisco-nsp at puck.nether.net
>>>> Subject: [c-nsp] ASA 5510 - NAT
>>>> 
>>>> 
>>>> Hi,
>>>> 
>>>> Instead of jumping off a three-story building I'm gonna send this
>>>> email.
>>>> Maybe someone will see what I am failing to!
>>>> 
>>>> Anyhow, I got an ASA5510 PIX firewall. What is happening is that the
>>>> internal machines on the LAN are getting the mac address of the
>>>> internal firewall interface for the other machines.
>>>> 
>>>> So as you can see below:
>>>> 
>>>> C:\Documents and Settings\Administrator>arp -a
>>>> 
>>>> Interface: 172.21.100.130 --- 0x10003
>>>>   Internet Address      Physical Address      Type
>>>>   172.21.100.140        00-17-95-27-3f-80     dynamic
>>>>   172.21.100.254        00-17-95-27-3f-80     dynamic
>>>> 
>>>> Server with IP 172.21.100.130 cannot ping and work with
>>>> 172.21.100.140 because it tries to use the same MAC address of the
>>>> firewall!!!
>>>> 
>>>> Obviously if I do a static mac record to the arp table, it will work
>>>> fine. But there must be something wrong here.
>>>> 
>>>> Anyone got something similar?
>>>> 
>>>> Any hints?
>>>> 
>>>> Thanks/Regards
>>>> Gordon
>>>> 
>>>> 
>>>> 
>>>> _______________________________________________
>>>> cisco-nsp mailing list  cisco-nsp at puck.nether.net
>>>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>>>> archive at http://puck.nether.net/pipermail/cisco-nsp/
>>>> 
>>> 
>>> 
>> 
>> -- 
>> 
>> Network stuff you didn't know....
>> http://www.networkoblivion.com
>> 
> 
