Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Francesco_Scati
Explorer

Proxy ARP on SMB

Hi,

I'm not sure if it is the Proxy ARP the problem but I'm running an issue with SMB 1490 (77.20.87 990173004) centrally managed via a DMS R80.20.

Often an IPSEC tunnel through the 1490 it goes down and the issue it seems NAT related. I did a capture on the inside interface (P2P with the Cisco Router and the CP 1490) when the IPSEC tunnel was down and some packets are not translated properly.

In the capture I see the private IP of the P2P interace instead of the Public one, if I shut/no shut the tunnel on the cisco router, then it starts to work again and the packet are trasleted porperly.

Since we have manual NAT rules configured (because we have also load balance in place) I'm not sure if the Proxy ARP settings are correct.

 

NAT Rules are defined (before automatic rules) as below:

No | Oiginal Source  |  original Destination    |   Service    |    Transl. Source    |   Transl. Destination    |    Transl. Services   |

1.   |  Cisco (Priv.IP)  |               Any                    |      Any       |    Public IP ISP1     |        Original                  |       Original              |

2.   |       Any               |    Public IP ISP1             |      Any       |         Original          |        Cisco (Priv.IP)        |       Original              |

3.   |  Cisco (Priv.IP)  |               Any                    |      Any       |    Public IP ISP2     |        Original                  |       Original              |

4.   |       Any               |    Public IP ISP2             |      Any       |         Original          |        Cisco (Priv.IP)        |       Original              |

 

In Global Properties I had only Automatic ARP Configuration and I just enabled also Merge Manual proxy ARP configuration. I did this change just this morning so it's under monitoring but I would like to know if any others changes are required under $FWDIR/conf/local.arp.

 

Thank you!

Regards

 

Francesco

 

 

0 Kudos
3 Replies
PhoneBoy
Admin
Admin

Are you using the same private IP in rules 1 and 3?
0 Kudos
Francesco_Scati
Explorer

Hi,
in the original source and in translated destination yes it's the same Ip due to the ISP Redundancy but also disabling the rules nr.3 and nr.4 the behavior it's the same.

Thank you.

Francesco.
0 Kudos
PhoneBoy
Admin
Admin

If the issue is seeing the private IP on the public side, it's not a proxy arp issue, it's something else.
Probably something the TAC needs to investigate.
0 Kudos