5-10
Cisco ASA 5500 Series Configuration Guide using ASDM
OL-20339-01
Chapter 5 Configuring the Transparent or Routed Firewall
Configuring ARP Inspection for the Transparent Firewall
Note The transparent firewall uses dynamic ARP entries in the ARP table for traffic to and from the adaptive
security appliance, such as management traffic.
Detailed Steps
Step 1 Choose the Configuration > Device Setup > ARP > ARP Static Table pane.
Step 2 (Optional) To set the ARP timeout for dynamic ARP entries, enter a value in the ARP Timeout field.
This field sets the amount of time before the adaptive security appliance rebuilds the ARP table, between
60 and 4294967 seconds. The default is 14400 seconds. Rebuilding the ARP table automatically updates
new host information and removes old host information. You might want to reduce the timeout if the
host information changes frequently.
Step 3 Click Add.
The Add ARP Static Configuration dialog box appears.
Step 4 From the Interface drop-down list, choose the interface attached to the host network.
Step 5 In the IP Address field, enter the IP address of the host.
Step 6 In the MAC Address field, enter the MAC address of the host; for example, 00e0.1e4e.3d8b.
Step 7 To perform proxy ARP for this address, check the Proxy ARP check box.
If the adaptive security appliance receives an ARP request for the specified IP address, then it responds
with the specified MAC address.
Step 8 Click OK, and then Apply.
What to Do Next
Enable ARP inspection according to the “Enabling ARP Inspection” section on page 5-10.
Enabling ARP Inspection
This section describes how to enable ARP inspection.
Detailed Steps
Step 1 Choose the Configuration > Device Setup > ARP > ARP Inspection pane.
Step 2 Choose the interface row on which you want to enable ARP inspection, and click Edit.
The Edit ARP Inspection dialog box appears.
Step 3 To enable ARP inspection, check the Enable ARP Inspection check box.
Step 4 (Optional) To flood non-matching ARP packets, check the Flood ARP Packets check box.
By default, packets that do not match any element of a static ARP entry are flooded out all interfaces
except the originating interface. If the MAC address, IP address, or interface of the packet does not agree
with the static entry, then the adaptive security appliance drops the packet.
If you uncheck this check box, all non-matching packets are dropped, which restricts ARP through the
adaptive security appliance to only static entries.
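The following Python model is an added example, not code from the Cisco guide or from the ASA, that ties the two procedures above together: the static ARP table entries from Steps 4 through 7 (interface, IP address, MAC address, Proxy ARP) and the per-interface inspection with the Flood ARP Packets setting from Steps 3 and 4. It exercises the forward/drop/flood decisions on constructed ARP packets. The class and field names, the interface names, and the sample addresses are assumptions for illustration; one interpretation is also assumed and labelled in the comments: a packet counts as a "mismatch" (dropped) when its sender IP or MAC appears in a static entry but the interface/IP/MAC triple does not agree with that entry.

```python
# Added example (not from the Cisco guide): a small model of the ARP inspection
# policy the ASDM steps configure, so the forward/drop/flood decisions can be
# exercised on constructed ARP packets.
from dataclasses import dataclass
from typing import Iterable, Optional

# Limits quoted in Step 2 of the static ARP table procedure.
ARP_TIMEOUT_MIN = 60
ARP_TIMEOUT_MAX = 4294967
ARP_TIMEOUT_DEFAULT = 14400


def normalize_mac(mac: str) -> str:
    """Reduce Cisco dotted (00e0.1e4e.3d8b), colon or hyphen MAC notation to
    12 lowercase hex digits so entries and packets compare reliably."""
    digits = "".join(ch for ch in mac.lower() if ch not in ".:-")
    if len(digits) != 12 or any(ch not in "0123456789abcdef" for ch in digits):
        raise ValueError(f"invalid MAC address: {mac!r}")
    return digits


def validate_arp_timeout(seconds: Optional[int]) -> int:
    """Return the ARP timeout to apply: the default when the field is left
    empty, otherwise the value if it lies inside the range ASDM accepts."""
    if seconds is None:
        return ARP_TIMEOUT_DEFAULT
    if not ARP_TIMEOUT_MIN <= seconds <= ARP_TIMEOUT_MAX:
        raise ValueError(
            f"ARP timeout {seconds} outside {ARP_TIMEOUT_MIN}-{ARP_TIMEOUT_MAX} seconds")
    return seconds


@dataclass(frozen=True)
class StaticArpEntry:
    """One row of the ARP Static Table (Steps 4 through 7)."""
    interface: str
    ip: str
    mac: str
    proxy_arp: bool = False


@dataclass(frozen=True)
class ArpPacket:
    """Constructed ARP packet: the fields inspection compares, plus the
    request target that proxy ARP answers."""
    ingress_interface: str
    sender_ip: str
    sender_mac: str
    is_request: bool = True
    target_ip: str = ""


class ArpInspector:
    def __init__(self, entries: Iterable[StaticArpEntry],
                 inspected_interfaces: Iterable[str], flood: bool = True):
        self.entries = [
            StaticArpEntry(e.interface, e.ip, normalize_mac(e.mac), e.proxy_arp)
            for e in entries]
        self.inspected = set(inspected_interfaces)
        self.flood = flood  # the "Flood ARP Packets" check box

    def inspect(self, pkt: ArpPacket) -> str:
        """Return 'forward', 'drop' or 'flood' for one ARP packet."""
        if pkt.ingress_interface not in self.inspected:
            return "forward"  # inspection not enabled on this interface
        mac = normalize_mac(pkt.sender_mac)
        if any(e.interface == pkt.ingress_interface and e.ip == pkt.sender_ip
               and e.mac == mac for e in self.entries):
            return "forward"  # full match with a static entry
        # Assumption of this model: a packet whose IP or MAC appears in a static
        # entry, but whose interface/IP/MAC triple does not agree with it, is the
        # "mismatch" the guide says is dropped. Interface alone is not treated as
        # a partial match, or every packet on a protected interface would mismatch.
        if any(e.ip == pkt.sender_ip or e.mac == mac for e in self.entries):
            return "drop"
        # No element matches: flood by default, drop if the check box is cleared.
        return "flood" if self.flood else "drop"

    def proxy_reply(self, pkt: ArpPacket) -> Optional[str]:
        """MAC the appliance answers with when a request targets an IP whose
        static entry has Proxy ARP checked (Step 7); None otherwise."""
        if not pkt.is_request:
            return None
        for e in self.entries:
            if e.proxy_arp and e.ip == pkt.target_ip:
                return e.mac
        return None


# Constructed table and packets for the demonstration (not from the guide).
INSPECTOR = ArpInspector(
    [StaticArpEntry("inside", "10.1.1.10", "00e0.1e4e.3d8b", proxy_arp=True)],
    inspected_interfaces=["inside", "outside"],
)

if __name__ == "__main__":
    for pkt in [ArpPacket("inside", "10.1.1.10", "00:e0:1e:4e:3d:8b"),
                ArpPacket("inside", "10.1.1.10", "0011.2233.4455"),
                ArpPacket("outside", "10.1.1.10", "00e0.1e4e.3d8b"),
                ArpPacket("inside", "10.1.1.99", "0011.2233.4455")]:
        print(pkt.ingress_interface, pkt.sender_ip, pkt.sender_mac,
              "->", INSPECTOR.inspect(pkt))
```

The four sample packets walk through the cases the Flood ARP Packets text describes: a full match is forwarded, a known IP with the wrong MAC and a known pair arriving on the wrong interface are both dropped, and a host absent from the table is flooded (or dropped when `flood=False`, which is the "static entries only" posture from Step 4).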