[c-nsp] Strange Pix Firewall issue. Proxy Arp

Brad Case overkillxx at gmail.com
Wed Sep 30 22:34:50 EDT 2009


Hi there,

I am having a very strange issue on a Pix firewall:

The following is configured:

nameif vlan2512 INSIDE security22
nameif vlan2100 OUTSIDE security20

ip address INSIDE 192.168.35.129 255.255.255.128 standby 192.168.35.130
ip address OUTSIDE 192.168.35.1 255.255.255.128 standby 192.168.35.2

# Identity NAT statement:

static (INSIDE,OUTSIDE) 192.168.35.128 192.168.35.128 netmask 255.255.255.128

With the above configuration I am getting a strange thing happening with
proxy arp. If a server on the INSIDE interface does an ARP request for an IP
in the same subnet range as the INSIDE interface for an IP address other
than 192.168.35.129 or 192.168.35.130, the firewall is replying to it. Can
anybody explain the reason why this behaviour would be occurring with the
above?

