GroupStudy.com - A virtual community of network engineers
Re: PIX problem: response its MAC to ARP request for one [7:102045] posted 08/17/2005


Perfect! Thanks a lot!


"Neteng" wrote in message
news:200508171533.j7HFXie9018412@xxxxxxxxxxxxxxxxx
> Yes, I have
>
> sysopt noproxyarp
>
> ARP (Address Resolution Protocol) is a layer two protocol that resolves an
> IP address to a physical address, also called a Media Access Controller
> (MAC) address. A host sends an ARP request asking "Who is this IP?" The
> device owning the IP should reply with "Hey, I am the one, here's my MAC
> address."
>
> Proxy ARP refers to a gateway device, in this case, the firewall,
> "impersonating" an IP address and returning its own MAC address to answer
> an ARP request for another device.
>
> The firewall builds a table from responses to ARP requests to map physical
> addresses to IP addresses. A periodic ARP function is enabled in the
> default configuration. The presence of entries in the ARP cache indicates
> that the firewall has network connectivity. The show arp command lists the
> entries in the ARP table. Usually, administrators do not need to manually
> manipulate ARP entries on the firewall. This is done only when
> troubleshooting or solving network connectivity problems.
>
> The arp command is used to add a permanent entry for a host on a network.
> If one host is exchanged for another host with the same IP address then the
> "clear arp" command can be used to clear the ARP cache on the PIX.
> Alternatively, you can wait for the duration specified with the arp
> timeout command to expire and the ARP table rebuilds itself automatically
> with the new host information.
>
> The sysopt noproxyarp command is used to disable Proxy ARPs on an
> interface from the command-line interface. By default, the PIX Firewall
> responds to ARP requests directed at the PIX Firewall's interface IP
> addresses as well as to ARP requests for any static or global address
> defined on the PIX Firewall interface (which are proxy ARP requests).
>
> The sysopt noproxyarp if_name command lets you disable proxy ARP request
> responses on a PIX Firewall interface. However, this command does not
> disable (non-proxy) ARP requests on the PIX Firewall interface itself.
> Consequently, if you use the sysopt noproxyarp if_name command, the PIX
> Firewall no longer responds to ARP requests for the addresses in the
> static, global, and nat 0 commands for that interface but does respond to
> ARP requests for its interface IP addresses.
>
> To disable Proxy ARPs on the inside interface:
>
> sysopt noproxyarp inside
>
> To enable Proxy ARPs on the inside interface:
>
> no sysopt noproxyarp inside
>
> "Dixon" wrote in message
> news:200508171433.j7HEXYpN012470@xxxxxxxxxxxxxxxxx
>> A network has a 2003 server ServerA and a PIX515. The connection from my
>> PC to ServerA appears intermittently unreachable. I captured the network
>> traffic and found the PIX responds with its MAC to the ServerA IP address
>> ARP request. In the case where ServerA responds for its IP, it will work
>> fine. But when the PIX responds with its MAC, in my ARP cache, the ServerA
>> IP address maps to the PIX MAC address.
>>
>> I don't know why the PIX responds to the ARP request even though it
>> doesn't have the IP address.
>>
>> Anybody met this before?
>>
>> Thanks
>>
>> Dixon




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=102045&t=102045
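
The symptom described in this thread, two different MAC addresses answering ARP for the same IP, can be checked mechanically from a capture. The Python below is an added example, not part of the original posts: it parses raw Ethernet/ARP reply frames and reports any IP answered by more than one MAC. All MACs, IP addresses and frames in it are constructed for illustration.

```python
import socket
import struct
from collections import defaultdict

ARP_REPLY = 2

def mac_bytes(mac):
    return bytes.fromhex(mac.replace(":", ""))

def make_arp_reply(src_mac, src_ip, dst_mac, dst_ip):
    """Build a constructed Ethernet+ARP reply frame (sample input only)."""
    eth = mac_bytes(dst_mac) + mac_bytes(src_mac) + struct.pack("!H", 0x0806)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, ARP_REPLY)
    arp += mac_bytes(src_mac) + socket.inet_aton(src_ip)
    arp += mac_bytes(dst_mac) + socket.inet_aton(dst_ip)
    return eth + arp

def parse_arp_reply(frame):
    """Return (sender_ip, sender_mac) for an IPv4/Ethernet ARP reply, else None."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":
        return None
    htype, ptype, hlen, plen, oper = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen, oper) != (1, 0x0800, 6, 4, ARP_REPLY):
        return None
    sha, spa = frame[22:28], frame[28:32]
    return socket.inet_ntoa(spa), ":".join(f"{b:02x}" for b in sha)

def find_conflicting_answers(frames):
    """Map each IP that was answered by more than one MAC to its sorted MACs."""
    seen = defaultdict(set)
    for frame in frames:
        parsed = parse_arp_reply(frame)
        if parsed:
            ip, mac = parsed
            seen[ip].add(mac)
    return {ip: sorted(macs) for ip, macs in seen.items() if len(macs) > 1}

# Constructed sample: every address below is made up for illustration.
PC, SERVER_A, PIX = "00:11:22:33:44:55", "00:0c:29:aa:bb:cc", "00:1a:2b:0f:0f:01"
SAMPLE = [
    make_arp_reply(SERVER_A, "192.0.2.10", PC, "192.0.2.50"),  # real owner answers
    make_arp_reply(PIX, "192.0.2.10", PC, "192.0.2.50"),       # firewall proxy ARP
    make_arp_reply(PIX, "192.0.2.1", PC, "192.0.2.50"),        # firewall's own IP
    b"\x00" * 20,                                               # truncated, ignored
]

if __name__ == "__main__":
    for ip, macs in find_conflicting_answers(SAMPLE).items():
        print(f"{ip} answered by multiple MACs: {', '.join(macs)}")
```

Run against a capture taken before and after `sysopt noproxyarp inside`, the conflict for the server address should disappear while the firewall's own interface IP still resolves to its MAC.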