[c-nsp] general nat issue (not cisco)

Aaron Riemer ariemer at amnet.net.au
Sat Jun 25 20:49:43 EDT 2011


Hey guys,
I have a bit of an oddball query for you all. Let's say I have a Linux box
that is acting as a router / fw. There are two segments or LANs. One of the
segments (172.16.0.0/24) has inside hosts while the other connects to a
single Cisco router on 10.0.0.0/24.
Now here is the weird part. The Cisco router is not within our
administrative control and cannot be configured. It cannot route to the
172.16.0.0 network. There is one host, say 172.16.0.50, that needs to
communicate with the Cisco router 10.0.0.1. OK, no problem, I will use a
static NAT to convert 172.16.0.50 to say 10.0.0.50 when exiting the
10.0.0.0/24 interface.
The problem: I see the NAT taking place but then the Cisco has to ARP for
the MAC of 10.0.0.50. The Linux gateway does not respond to these ARP
requests and therefore communication fails.
The first thing that comes to mind here is gratuitous ARP. But how do I get
the Linux gateway to issue these gratuitous ARPs for the virtual NAT
address? How do the Cisco ASAs take care of this problem?
Any advice would be greatly appreciated :)
Thanks!
Aaron.
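The setup Aaron describes, written out as an added example (this is not from the original post or any reply): a static 1:1 NAT of 172.16.0.50 onto 10.0.0.50 with iptables, plus a published ("proxy") ARP entry so the Linux box answers the Cisco's ARP requests for the NAT address. The interface names eth0 (172.16.0.0/24 side) and eth1 (10.0.0.0/24 side) are assumptions; the addresses are the ones in the post. By default the script only prints the commands it would run; set APPLY=1 to execute them as root.

```shell
#!/bin/sh
# Static 1:1 NAT of an inside host onto the outside LAN of a Linux router,
# plus a proxy ARP entry so the Cisco on that LAN can resolve the NAT address.
# Added example for the thread above; interface names are assumptions.

INSIDE_IF="${INSIDE_IF:-eth0}"     # assumed: interface on 172.16.0.0/24
OUTSIDE_IF="${OUTSIDE_IF:-eth1}"   # assumed: interface on 10.0.0.0/24 (Cisco side)
REAL_IP="${REAL_IP:-172.16.0.50}"  # the inside host, from the post
NAT_IP="${NAT_IP:-10.0.0.50}"      # the address the Cisco should see, from the post

# Print each command for review; only execute it when APPLY=1.
run() {
    if [ "${APPLY:-0}" = 1 ]; then
        "$@"
    else
        printf '%s\n' "$*"
    fi
}

nat_rules() {
    # 1. Answer ARP requests for the single NAT address on the outside LAN.
    #    This is a per-address published entry, not the interface-wide
    #    proxy_arp sysctl: Linux will not proxy-answer for an address that
    #    is on the same interface the request arrived on, so the sysctl
    #    alone does not help here.
    run ip neigh add proxy "$NAT_IP" dev "$OUTSIDE_IF"

    # 2. Forward between the two LANs.
    run sysctl -w net.ipv4.ip_forward=1

    # 3. Outbound: 172.16.0.50 -> 10.0.0.50 as packets leave the outside interface.
    #    Conntrack un-NATs the replies automatically.
    run iptables -t nat -A POSTROUTING -s "$REAL_IP" -o "$OUTSIDE_IF" \
        -j SNAT --to-source "$NAT_IP"

    # 4. Inbound: 10.0.0.50 -> 172.16.0.50 so connections the Cisco
    #    initiates toward the NAT address also reach the real host.
    run iptables -t nat -A PREROUTING -d "$NAT_IP" -i "$OUTSIDE_IF" \
        -j DNAT --to-destination "$REAL_IP"

    # 5. Permit only this host pair through FORWARD (matters when the
    #    FORWARD policy is DROP). DNAT has already happened in PREROUTING,
    #    so the inbound rule matches on the real address.
    run iptables -A FORWARD -i "$INSIDE_IF" -o "$OUTSIDE_IF" -s "$REAL_IP" -j ACCEPT
    run iptables -A FORWARD -i "$OUTSIDE_IF" -o "$INSIDE_IF" -d "$REAL_IP" -j ACCEPT
}

# Commands to confirm the proxy entry exists and that ARP replies go out.
verify_cmds() {
    run ip neigh show proxy dev "$OUTSIDE_IF"
    run tcpdump -ni "$OUTSIDE_IF" arp
}

nat_rules
verify_cmds
```

With the proxy entry in place the box replies to "who-has 10.0.0.50" with eth1's own MAC, so no gratuitous ARP is needed; gratuitous ARP would only refresh a cache entry the Cisco already has. Adding 10.0.0.50 as a secondary address on eth1 (`ip addr add 10.0.0.50/32 dev eth1`) also makes the box answer ARP and works with the same DNAT rule, but the published neighbour entry keeps the NAT address out of the box's own address list.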