Proxy Arp to replying to all requests



  • While setting up a srx 210 i found some problems which prevented me for completing the installation at this site.
    So i set up a simple config to diagnose the problem, But even with the most basic of configs i cant get it to work proberly.

    I have the setup the following as a test:

    At the site I have a Cable internet connection, The provider supplied a pre-configured modem (Cisco EPC3925). On the Lan ports of this modem I have a public routable subnet xx.xx.xx.8/29. The modem is connected to the SRX on port 0/7 and I have configured that interface with ip .14/29.  Set a static route to the Cable modem, and setup a source nat and some access rules. And I run a ping to google.com

    Great I have internet connectivity.
    Now I want to assign ip xx.xx.xx.11/32 to client1. I use the familiar static nat and proxy-arp config. Used this same command with different customers with no problems.

    static {
        rule-set static-nat-upc {
            from zone UPC;
            rule 11 {
                match {
                    destination-address xx.xx.xx.11/32;
                }
                then {
                    static-nat prefix 10.3.80.100/32;
                }
            }
        }
    }
    proxy-arp {
        interface fe-0/0/7.0 {
            address {
                xx.xx.xx.11/32;
            }
        }
    }
    
    

    Client1 now has no access to the internet, to find out why I started to capture the traffic between the modem and the SRX.

    Notice that the SRX is not sending a ARP reply to 10.124.49.239 !.
    So I send a ping to the modem:

    Now the SRX sends a arp reply to the modem and I can reach it.
    So my question is: Why is the SRX not sending arp reply’s to 10.124.49.239 but is sending them to xx.xx.xx.9, And how do I change that  :?


 

26
Online

38.5k
Users

12.7k
Topics

44.5k
Posts