Filter
Top Products
CHAPTER
54-1
User Guide for Cisco Security Manager 4.4
OL-28826-01
54
Configuring Routing Policies on Firewall Devices
The Routing section in Security Manager contains pages for defining and managing routing settings for
security appliances.
This chapter contains the following topics:
• Configuring No Proxy ARP, page 54-1
• Configuring OSPF, page 54-2
• Configuring OSPFv3, page 54-22
• Configuring RIP, page 54-40
• Configuring Static Routes, page 54-48
Configuring No Proxy ARP
When a host sends IP traffic to another device on the same Ethernet network, the host needs to know the
MAC address of the device. Address Resolution Protocol (ARP) is a Layer 2 protocol that resolves an
IP address to a MAC address: a host sends an ARP request asking “Who is this IP address?” The device
owning the IP address replies, “I own that IP address; here is my MAC address.”
With Proxy ARP, a device responds to an ARP request with its own MAC address, even though the device
does not own the IP address. Serving as an ARP Proxy for another host effectively directs network traffic
to the proxy, in this case your security appliance. Traffic that passes through the appliance is then routed
to the appropriate destination.
For example, the security appliance uses proxy ARP when you configure NAT and specify a global
address that is on the same network as the appliance interface. The only way traffic can reach the
destination hosts is if the appliance claims and subsequently routes traffic to the destination global
addresses.
By default, proxy ARP is enabled for all interfaces. Use the No Proxy ARP page to disable proxy ARP
for global addresses:
• To disable proxy ARP for one or more interfaces, enter their names in the Interfaces field. Separate
multiple interfaces with commas. You can click Select to choose the interfaces from a list of
interfaces defined on the device, and interface roles defined in Security Manager.
Note On ASA 8.4.2 and later devices operating in routed mode, you can disable Proxy ARP on the egress
interface for a Manual NAT rule. See Do not proxy ARP on Destination Interface in Add and Edit NAT
Rule Dialog Boxes, page 23-35 for more information.