Adding static arp to ASA5505

I have a checkpoint R76 software blade with directly connected interface to my ASA5505.

I have done automatic static NAT for one of my objects in checkpoint R76, by doing automatic static NAT checkpoint R76 will actually do a proxy arp if my hosts is trying to reach the destination NATted address, however for some reason unknown till now my hosts could not reach the DNAT host.

During troubleshooting I found that there was no ARP entry in my ASA. Hence I did a static arp entry.

arp inside 172.16.0.8 000c.29f1.b774 alias
arp inside 172.16.0.9 000c.29f1.b774 alias

Where 172.16.0.8 is the DNAT of CENTOS server and 172.16.0.9 is the DNAT of HTTP file server.

The keyword alias means this ARP entry will not expire.

The mac address 000c.29f1.b774 belongs to the Checkpoint R76 software blade interface that directly connects to my ASA.

Advertisements
This entry was posted in ASA/PIX, Security. Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s