What is an alternative configuration if proxy ARP cannot be used on your Security Gateway?

You want to implement Static Destination NAT in order to provide external. Internet users access to an internal Webserver that has a reserved (RFC 1918) IP address You have an unused valid IP address on the network between your Security Gateway and ISP router. You control the router that sits between the external interface of the firewall and the Internet. What is an alternative configuration if proxy ARP cannot be used on your Security Gateway?

You want to implement Static Destination NAT in order to provide external. Internet users access to an internal Webserver that has a reserved (RFC 1918) IP address You have an unused valid IP address on the network between your Security Gateway and ISP router. You control the router that sits between the external interface of the firewall and the Internet. What is an alternative configuration if proxy ARP cannot be used on your Security Gateway?

A.
Place a static host route on the firewall for the valid IP address to the internal Web server.

B.
Place a static ARP entry on the ISP router for the valid IP address to the firewall’s external address.

C.
Publish a proxy ARP entry on the ISP router instead of the firewall for the valid IP address.

D.
Publish a proxy ARP entry on the internal Web server instead of the firewall for the valid IP address.



Leave a Reply 3

Your email address will not be published. Required fields are marked *


Azmi

Azmi

B.
Place a static ARP entry on the ISP router for the valid IP address to the firewall’s external address.

Oleksandr

Oleksandr

Yes – the answer is “B”. “C” cannot be the right answer because proxy ARP on ISP router helps upstream router to direct traffic to ISP router but this cannot be used to direct traffic to Security Gateway. Only static ARP entry do that.