[c-nsp] ASA replying to ARP packets for other hosts...
Joseph Jackson
JJackson at aninetworks.com
Tue Sep 5 14:20:27 EDT 2006
Proxy arp is turned on by default on all interfaces of the pix/asa. You
can turn it off by doing sysopt noproxyarp (interface). The only
interface that it has to be on is the outside interface. As a side note
is the dmz switch also a switch for another subnet? (you know using
vlans?) I had the same problem when use a vlan'd switch for 3 differnet
dmz's.
> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net
> [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of
> Jonathan Charles
> Sent: Tuesday, September 05, 2006 10:32 AM
> To: cisco-nsp at puck.nether.net
> Subject: [c-nsp] ASA replying to ARP packets for other hosts...
>
> I have an ASA 5510 that is replying to every ARP packet with
> its own MAC address.
>
> I have a DMZ with about 10 hosts on it. They all have a
> 255.255.255.224mask, and the ASA is replying to all ARP packets.
>
> I did a packet capture, and you can see the host replying to
> the ARP request, then you see the ASA replying to it (with
> its own MAC address).
>
> All the pings are failing.
>
> Any ideas?
>
>
>
> Jonathan
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
More information about the cisco-nsp
mailing list