SRX Services Gateway
SRX Services Gateway

NAT and ARP

‎02-09-2012 04:14 PM

When traffic comes into a SRX which has a static or destination NAT, the ARP request will be for the NATed address right?

 

So if we nat something like 2.2.2.2 to 10.2.2.2, the ARP will happen after the NAT, and it will be for 10.2.2.2..... Is that correct?

3 REPLIES 3
SRX Services Gateway

Re: NAT and ARP

‎02-09-2012 04:45 PM

 

Hi Luca,

 

I think you are talking about Proxy-Arp because for the Static-Nat and Destination NAT proxy arp is used.

 

Now first of all the proxy arp is used for the ip address if the ingress interface and the NAT ip are in same subnet.
In case they are in diff subnets the next hop box will send it using routing table.

 

e.g

Internet---100.100.100.1--Internet-Gatewy-2.2.2.1------2.2.2.3--SRX--

2.2.2.2 is Static Nat to 10.2.2.2

Now the 2.2.2.1 will ask for arp for 2.2.2.2 since 2.2.2.2 and 2.2.2.1 are in same subnet.
For correct packet flow the srx needs to reply for this ip.Hence you configure proxy arp for this.

 

Thus the ARP request will always be for Public ip which is natted to the private ip.

 

Hope this helps.

 

Regards,

Visitor

--------------------------------------------------​--------------------------------------------------​---

If this post was helpful, please mark this post as an "Accepted Solution".Kudos are always appreciated!

 

SRX Services Gateway

Re: NAT and ARP

‎02-09-2012 06:46 PM

No, i'm not talking about proxy ARP, i understand how that works.

 

I'm talking about normal ARP.  Once an address has been NATed  i would assume an ARP still needs to occur for the destination address...  Other wise the firewall wouldn't know where to send the traffic

SRX Services Gateway

Re: NAT and ARP

‎02-09-2012 08:51 PM
Hi,

You are correct. If the destination is in the same subnet as that of the srx egress interface ip address,the srx will arp for that ip. And if it of different subnet then it will point it via the closest matched route from the routing table.

Hope this helps.

Regards,
Visitor
--------------------------------------------------​--------------------------------------------------​---
If this post was helpful, please mark this post as an Accepted Solution. Kudos are always appreciated!