Or, the devices on the inside network have an incorrect mask
mike On Wed, Sep 30, 2009 at 11:00 PM, David White, Jr. (dwhitejr) < dwhit...@cisco.com> wrote: > Hi Brad, > > The below static would not cause the behavior you describe. > Are you sure you don't have another "static (outside,inside)..." > statement which covers the network range of the inside network? > > As a temporary workaround you can most likely disable proxy-arps on the > inside interface via 'sysopt noproxyarp inside'. > > Sincerely, > > David. > > > Brad Case wrote: > > Hi there, > > > > I am having a very strange isse on a Pix firewall: > > > > The following is configured: > > > > nameif vlan2512 INSIDE security22 > > nameif vlan2100 OUTSIDE security20 > > > > ip address INSIDE 192.168.35.129 255.255.255.128 standby 192.168.35.130 > > ip address OUTSIDE 192.168.35.1 255.255.255.128 standby 192.168.35.2 > > > > # Identity NAT statement: > > > > static (INSIDE,OUTSIDE) 192.168.35.128 192.168.35.128 netmask > > 255.255.255.128 > > > > With the above configuration I am getting a strange thing happening with > > proxy arp. If a server on the INSIDE interface does a ARP request for an > IP > > in the same subnet range as the INSIDE interface for an IP address other > > than 192.168.35.129 or 192.168.35.130, the firewall is replying to it. > Can > > anybody explain the reason why this behaviour would be occuring with the > > above? > > _______________________________________________ > > cisco-nsp mailing list cisco-nsp@puck.nether.net > > https://puck.nether.net/mailman/listinfo/cisco-nsp > > archive at http://puck.nether.net/pipermail/cisco-nsp/ > > > > _______________________________________________ > cisco-nsp mailing list cisco-nsp@puck.nether.net > https://puck.nether.net/mailman/listinfo/cisco-nsp > archive at http://puck.nether.net/pipermail/cisco-nsp/ > _______________________________________________ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/