Re: PIX proxy-arp question

From:
Date: 11/14/02 

Date: 14 Nov 2002 22:28:15 GMT

Martin Haberstroh <Martin.Haberstroh@fms-media.com> wrote:
Greetings,

The command you are looking for is:

sysopt noproxyarp <interface>

Here is the only example I could find of its usage on Cisco's site:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a00
80094aee.shtml

--Evan

> Hi everybody,

> running a Cisco PIX 515 Version 5.3(2) with proxy-arp following should be
> possible, part of configuration:
> ...
> nameif ethernet0 outside security0
> nameif ethernet1 inside security100
> nameif ethernet2 dmz security15
> ...
> ip address outside 194.195.196.33 255.255.255.0
> ip address inside 192.168.10.1 255.255.255.0
> ip address dmz 194.195.196.65 255.255.255.192
> ...
> route outside 0.0.0.0 0.0.0.0 194.195.196.1 1
> ...

> as far as I understand proxy-arp it should be possible to run a server in
> dmz with ip address 194.195.196.66 (mask 255.255.255.192,
> gateway194.195.196.65) which can be reached from the outside and it should
> also can connect to systems on the outside. But I didn't find any
> configuration hints/examples.

> What conduit, global, static, nat commands do I have to use, so the server
> can
> a) be reached from the outside (maybe an example with http)?
> b) connect to a system on the outside?

> Thanks for your help

> Martin

Loading