Cisco Systems ASA 5540 Network Router User Manual


Cisco ASA 5500 Series Configuration Guide using ASDM
Chapter 24 Routing Overview
The ASA correctly recognizes and processes the IPv6 address. However, you must enclose the IPv6
address in square brackets ([ ]) in the following situations:
- You need to specify a port number with the address, for example:
  [fe80::2e0:b6ff:fe01:3b7a]:8080
- The command uses a colon as a separator, such as the write net command and config net command,
  for example:
  configure net [fe80::2e0:b6ff:fe01:3b7a]:/tftp/config/asaconfig
Disabling Proxy ARPs
When a host sends IP traffic to another device on the same Ethernet network, the host needs to know the
MAC address of the device. ARP is a Layer 2 protocol that resolves an IP address to a MAC address. A
host sends an ARP request asking “Who is this IP address?” The device owning the IP address replies,
“I own that IP address; here is my MAC address.”
With proxy ARP, a device responds to an ARP request with its own MAC address, even though
the device does not own the IP address. The ASA uses proxy ARP when you configure NAT and specify
a mapped address that is on the same network as the ASA interface. Traffic can reach the hosts
only if the ASA uses proxy ARP to claim that the ASA MAC address is assigned to the destination
mapped addresses.
Under rare circumstances, you might want to disable proxy ARP for NAT addresses.
If you have a VPN client address pool that overlaps with an existing network, the ASA by default sends
proxy ARPs on all interfaces. If another interface is on the same Layer 2 domain, it sees the
ARP requests and answers with the MAC address of its interface. As a result, the return traffic
of the VPN clients towards the internal hosts goes to the wrong interface and is dropped. In this
case, you need to disable proxy ARP on the interface on which you do not want proxy ARPs.
To disable proxy ARPs, perform the following steps:
Step 1 Choose Configuration > Device Setup > Routing > Proxy ARPs.
The Interface field lists the interface names. The Proxy ARP Enabled field shows whether proxy
ARP is enabled (Yes) or disabled (No) for NAT global addresses.
Step 2 To enable proxy ARP for the selected interface, click Enable. By default, proxy ARP is enabled for all
interfaces.
Step 3 To disable proxy ARP for the selected interface, click Disable.
Step 4 Click Apply to save your settings to the running configuration.
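
The overlap symptom described above can be confirmed from a packet capture on the shared Layer 2 segment before you change the setting. The following is an added example, not part of the Cisco guide: it scans tcpdump-style ARP reply lines and reports VPN pool addresses that more than one MAC address answered for. The capture lines, MAC addresses, and the 10.1.1.48/28 pool are constructed sample values.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed tcpdump-style ARP replies seen on the inside segment (not real data).
SAMPLE_CAPTURE = """\
10:15:01.100 ARP, Reply 10.1.1.50 is-at 00:1b:54:aa:bb:01, length 46
10:15:01.101 ARP, Reply 10.1.1.50 is-at 00:1b:54:aa:bb:02, length 46
10:15:02.200 ARP, Reply 10.1.1.20 is-at 00:50:56:11:22:33, length 46
10:15:03.300 ARP, Reply 10.1.1.51 is-at 00:1b:54:aa:bb:02, length 46
10:15:03.301 ARP, Reply 10.1.1.51 is-at 00:1B:54:AA:BB:01, length 46
10:15:04.400 ARP, Reply 10.1.1.20 is-at 00:50:56:11:22:33, length 46
"""

ARP_REPLY = re.compile(r"ARP, Reply (\S+) is-at ([0-9A-Fa-f:]{17})")


def find_conflicting_responders(capture, vpn_pool):
    """Return {ip: sorted MACs} for pool addresses answered by more than one MAC."""
    pool = ipaddress.ip_network(vpn_pool)
    responders = defaultdict(set)
    for line in capture.splitlines():
        match = ARP_REPLY.search(line)
        if not match:
            continue  # not an ARP reply line
        ip = ipaddress.ip_address(match.group(1))
        if ip in pool:
            # Normalise case so the same MAC is not counted twice.
            responders[str(ip)].add(match.group(2).lower())
    return {ip: sorted(macs) for ip, macs in responders.items() if len(macs) > 1}


def macs_answering_all(conflicts):
    """MACs that replied for every conflicting address: candidate proxy ARP interfaces."""
    mac_sets = [set(macs) for macs in conflicts.values()]
    return sorted(set.intersection(*mac_sets)) if mac_sets else []


if __name__ == "__main__":
    conflicts = find_conflicting_responders(SAMPLE_CAPTURE, "10.1.1.48/28")
    for ip, macs in conflicts.items():
        print(f"{ip}: answered by {', '.join(macs)}")
    print("Compare with the ASA interface MACs:", macs_answering_all(conflicts))
```

If the MAC addresses reported belong to two ASA interfaces, the interface that should not answer for the pool is the one to select in Step 3.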