Don_Paterson
Advisor

Gaia Cloning Group and Proxy ARP and VMAC

Hello,

sk106592 (NAT fails on Security Gateway when using Gaia Cloning Groups)

The SK states (today) that:

Symptoms
  • NAT fails on Security Gateway / Cluster members when using Gaia Cloning Groups.
Cause

- Proxy ARP entries were configured via Gaia Cloning Groups.

- Cloning Groups are not appropriate for Proxy ARP entries, as these entries must present the MAC address of the physical device.

- Configuring Proxy ARP via the Cloning Group would cause the Security Gateway to respond with an incorrect MAC address to an ARP Request.

---------------------------------------------------------------------------------------------------------------------------------------

I have just added a comment to ask for a review of the SK.

1. If I understand correctly and it is the case that Proxy ARP is not supported in Gaia Cloning Groups then why is it a Shared Feature and should it not be removed if it is not supported?

2. If it is somehow supported then does it support VMAC mode?

Screenshot:

Thanks,

Don

Maarten_Sjouw
Champion

This is not due to the VMAC not being supported, but to set up proxy ARP with a VMAC you need to use this format:

add arp proxy ipv4-address <NAT-IP> macaddress <VMAC> real-ipv4-address <Member IP>

So each member will have its own IP address in the last field.

So in fact Proxy ARP should not be part of a cloning group. You can test it by enabling the ARP item in the cloning group and then trying to add a proxy ARP; if it tells you it is part of the cloning group, just add a space in front of the line and you will see it will accept the command.

Regards, Maarten
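
The per-member rule from the reply above can be checked offline against each member's saved configuration. This is an added example, not part of the original thread or Check Point tooling; the function names, member IPs, NAT IP and VMAC are constructed, and it assumes a cloned entry is copied unchanged to every member.

```python
import re

# Command syntax as quoted in the reply above.
PROXY_ARP = re.compile(
    r"^\s*add arp proxy ipv4-address (\S+) macaddress (\S+)"
    r" real-ipv4-address (\S+)\s*$"
)

def audit_member(member_ip, vmac, config_text):
    """Return (nat_ip, field, value) findings for one member's proxy ARP lines."""
    findings = []
    for line in config_text.splitlines():
        m = PROXY_ARP.match(line)
        if not m:
            continue  # not a proxy ARP entry
        nat_ip, mac, real_ip = m.groups()
        if mac.lower() != vmac.lower():
            findings.append((nat_ip, "mac", mac))          # not the expected VMAC
        if real_ip != member_ip:
            findings.append((nat_ip, "real-ip", real_ip))  # another member's IP
    return findings

def audit_cluster(vmac, configs):
    """configs maps member IP -> that member's configuration text."""
    return {ip: audit_member(ip, vmac, text) for ip, text in configs.items()}

# Constructed sample: the second member carries the first member's entry
# unchanged, which is the state identical (cloned) entries would leave behind.
VMAC = "02:00:00:00:00:01"
SAMPLE = {
    "192.0.2.1": "add arp proxy ipv4-address 203.0.113.10 "
                 "macaddress 02:00:00:00:00:01 real-ipv4-address 192.0.2.1\n",
    "192.0.2.2": "add arp proxy ipv4-address 203.0.113.10 "
                 "macaddress 02:00:00:00:00:01 real-ipv4-address 192.0.2.1\n",
}

if __name__ == "__main__":
    for member, findings in audit_cluster(VMAC, SAMPLE).items():
        print(member, findings or "ok")
```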
