In an Ethernet environment, ARP is used to resolve IP to MAC addresses. With ASA, when you configure an IP Address for an interface, then it adds a mapping of the interface IP address to MAC address. Any host sending ARP request to reach the ASA interface, the ASA sends a ARP reply.
Now when you configure a virtual telnet and host is sending an ARP request to the virtual address, the ASA needs to reply to it. Only if you configure static rule for the virtual address, the ASA will add a mac address mapping of it's interface for the virtual IP address. Now the ASA send APR reply. With regards Kings On Mon, Apr 26, 2010 at 2:33 PM, Jimmy Larsson <[email protected]> wrote: > Yeah, I understand that. But the task is about traffic TO the ASA not thru > it. Why doing a static for the virtual ip? Anyone? > > Br Jimmy > > > 2010/4/26 Stojanco Cavdarov <[email protected]> > > Hi Jimmy >> >> I can't answer why is needed, but we had huge discussion for static NAT, >> and if I understood it, the conclusion was that >> >> static (inside,outside) 1.1.1.1 2.2.2.2, and >> static (outside,inside) 2.2.2.2 1.1.1.1 >> >> ... will do the same thing. So if you're using (in,out) incomming packets >> with src OR dst address 2.2.2.2 will be translated to 1.1.1.1, outgoing >> packets from OR to: 1.1.1.1 will be translated to 2.2.2.2 >> >> I might be wrong on this though. >> >> On Mon, Apr 26, 2010 at 10:03 AM, Jimmy Larsson <[email protected]>wrote: >> >>> Hi >>> >>> In task 1.9 I create a virtual-telnet for authentication of inbound >>> traffic. But why is the "static (inside,outside) 192.1.24.9 192.1.24.9" >>> needed? I telnet to the virtual ip from outside (R2). Why static? and why to >>> inside? >>> >>> Br Jimmy >>> >>> >>> -- >>> ------- >>> Jimmy Larsson >>> Ryavagen 173 >>> s-26030 Vallakra >>> Sweden >>> http://blogg.kvistofta.nu >>> ------- >>> >>> _______________________________________________ >>> For more information regarding industry leading CCIE Lab training, please >>> visit www.ipexpert.com >>> >>> >> > > > -- > ------- > Jimmy Larsson > Ryavagen 173 > s-26030 Vallakra > Sweden > http://blogg.kvistofta.nu > ------- > > _______________________________________________ > For more information regarding industry leading CCIE Lab training, please > visit www.ipexpert.com > >
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
