Proxy ARP and One-Armed Routing Mode
In case you have not heard the term, “one-armed” routing means that
the router has only one interface (with more than one IP address on it).
All it does is receive a packet from the network and forward it to another
router/host on the same LAN but maybe on another IP network. This is
sometimes useful, but PIX cannot do this, because its Adaptive Security
Algorithm does not allow any packet to exit on the same interface as it
arrived.
Combined with the default proxy ARP feature, this behavior can play
tricks on your routing. For example, if a router is behind an inside interface
and some host sends an ARP request for this router’s IP, PIX will
reply instead (or together with the router) and the packet is forwarded
to the PIX. Here comes the problem: The packet needs to be forwarded
to the real router, but PIX cannot do this; the packet cannot exit on the
same interface.
So, if you want to completely control your static routing and you
have created all static routes with correct gateways, it is always better
to turn off proxy ARP on all interfaces; it has a nasty habit of getting in
the way.
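
One way to confirm the symptom described above from a packet capture taken on the inside LAN, as an added example that is not part of the original text: it flags IP addresses answered by more than one MAC and MACs that answer ARP for several IPs. The sample capture, addresses, MACs and function names are constructed for illustration, and the input is assumed to look like `tcpdump -e -n arp` output.

```python
import re
from collections import defaultdict

# Constructed sample shaped like `tcpdump -e -n arp` output (all values made up):
# router 10.1.1.254 = ...:53:01, firewall inside interface 10.1.1.1 = ...:53:ff
SAMPLE = """\
12:00:01.000100 00:00:5e:00:53:10 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 10.1.1.254 tell 10.1.1.10, length 28
12:00:01.000300 00:00:5e:00:53:ff > 00:00:5e:00:53:10, ethertype ARP (0x0806), length 60: Reply 10.1.1.254 is-at 00:00:5e:00:53:ff, length 46
12:00:01.000450 00:00:5e:00:53:01 > 00:00:5e:00:53:10, ethertype ARP (0x0806), length 60: Reply 10.1.1.254 is-at 00:00:5e:00:53:01, length 46
12:00:02.100000 00:00:5e:00:53:ff > 00:00:5e:00:53:10, ethertype ARP (0x0806), length 60: Reply 10.1.1.1 is-at 00:00:5e:00:53:ff, length 46
12:00:03.200000 00:00:5e:00:53:ff > 00:00:5e:00:53:10, ethertype ARP (0x0806), length 60: Reply 172.16.5.20 is-at 00:00:5e:00:53:ff, length 46
12:00:04.300000 00:00:5e:00:53:10 > 00:00:5e:00:53:01, ethertype ARP (0x0806), length 42: Reply 10.1.1.10 is-at 00:00:5e:00:53:10, length 28
"""

REPLY = re.compile(
    r"Reply (\d+\.\d+\.\d+\.\d+) is-at ((?:[0-9a-f]{2}:){5}[0-9a-f]{2})", re.I
)


def arp_answers(capture_text):
    """Map each IP address to the set of MACs seen answering ARP for it."""
    answers = defaultdict(set)
    for line in capture_text.splitlines():
        match = REPLY.search(line)
        if match:
            answers[match.group(1)].add(match.group(2).lower())
    return answers


def find_proxy_arp(capture_text, min_ips=2):
    """Return (contested, proxies).

    contested: IPs answered by more than one MAC, the "PIX replies together
               with the router" case.
    proxies:   MACs answering for at least min_ips addresses, the usual
               signature of a proxy ARP device (or a host with secondary IPs).
    """
    answers = arp_answers(capture_text)
    contested = {ip: sorted(m) for ip, m in answers.items() if len(m) > 1}
    claimed = defaultdict(set)
    for ip, macs in answers.items():
        for mac in macs:
            claimed[mac].add(ip)
    proxies = {mac: sorted(ips) for mac, ips in claimed.items() if len(ips) >= min_ips}
    return contested, proxies


if __name__ == "__main__":
    contested, proxies = find_proxy_arp(SAMPLE)
    print("IPs answered by several MACs:", contested)
    print("MACs answering for several IPs:", proxies)
```

A MAC listed under `proxies` that belongs to the firewall's inside interface, together with the router's IP under `contested`, matches the situation in which hosts hand the firewall packets it cannot send back out the same interface.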