Re: problem with manual static NAT

Hi Abu,

Thanks a lot for your reply. You mean to say that every time I have a manual static NAT, I will have to add a manual ARP entry in the firewall?

In my scenario, if you see, the static NAT address is not in the same subnet as the external interface of the firewall. So when the outside device does an AND operation for reaching 60.1.1.1, which is the static NAT of the internal host, the device knows that 60.1.1.1 is in a different network, so it will do an ARP for the external interface of the gateway itself, right? Because on the outside device I have a route for 60.1.1.1 pointing to the external interface of the firewall.

So can you please tell me why we need the ARP entry on the firewall, because the packet will be sent to the firewall by the external device. Is it a requirement that, for the firewall to accept a packet for a static NAT address, it needs a manual ARP entry? But then I find it ridiculous, because if I have 100 manual static NAT entries I will have to add 100 manual ARP entries as well on the firewall, because in Cisco ASA the firewall automatically accepts frames and does proxy ARP for static NAT addresses.

Waiting for your reply, mate. Thanks once again.

Regards,
sebastan