HP VPN Firewall Appliances Network Management Configuration Guide

Configuring proxy ARP
Proxy ARP can be configured only at the CLI.
Overview
Proxy ARP enables a device on a network to answer ARP requests for an IP address not on that network.
With proxy ARP, hosts on different broadcast domains can communicate with each other as they do on
the same network.
Proxy ARP includes common proxy ARP and local proxy ARP.
Common proxy ARP—Allows communication between hosts that connect to different Layer-3
interfaces and reside in different broadcast domains.
Local proxy ARP—Allows communication between hosts that connect to the same Layer-3 interface
and reside in different broadcast domains.
Common proxy ARP
A proxy ARP-enabled device allows hosts that reside on different subnets to communicate.
As shown in Figure 171, the firewall connects to two subnets through GigabitEthernet 0/1 and
GigabitEthernet 0/2. The IP addresses of the two interfaces are 192.168.10.99/24 and
192.168.20.99/24. Host A and Host B are assigned the same prefix 192.168.0.0. Host A connects to
GigabitEthernet 0/1 and Host B connects to GigabitEthernet 0/2.
Figure 171 Application environment of proxy ARP
Because Host A and Host B have the same prefix 192.168.0.0, Host A considers that Host B is on the
same network, and it broadcasts an ARP request for the MAC address of Host B. However, Host B cannot
receive this request because it is in a different broadcast domain.
You can enable proxy ARP on GigabitEthernet 0/1 of the firewall so that the firewall can reply to the ARP
request from Host A with the MAC address of GigabitEthernet 0/1, and forward packets sent from Host
A to Host B. In this case, the firewall acts as a proxy of Host B.
A main advantage of proxy ARP is that you can enable it on a single device without disturbing routing
tables of other devices in the network. Proxy ARP acts as the gateway for hosts that are not configured
with a default gateway or do not have routing capability.
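
The decision path described above, as an added Python sketch that is not taken from the HP guide or the firewall's software. It is a simplified model that considers directly connected subnets only; the host addresses and MAC addresses are constructed for illustration, and the function names are hypothetical.

```python
import ipaddress

# Interface IP addresses are the ones given in the guide. MAC addresses are
# constructed (documentation range); proxy ARP is a per-interface setting.
FIREWALL = {
    "GigabitEthernet0/1": {"ip": "192.168.10.99/24",
                           "mac": "00:00:5e:00:53:01", "proxy_arp": True},
    "GigabitEthernet0/2": {"ip": "192.168.20.99/24",
                           "mac": "00:00:5e:00:53:02", "proxy_arp": False},
}
# Constructed host addresses: the guide states only the shared prefix 192.168.0.0.
HOST_A = "192.168.10.100/16"
HOST_B_IP = "192.168.20.200"


def host_arps_directly(src_cidr, dst_ip):
    """True when the sender's own mask makes the destination look on-link."""
    return ipaddress.ip_address(dst_ip) in ipaddress.ip_interface(src_cidr).network


def egress_interface(fw, target_ip):
    """Name of the interface whose connected subnet holds target_ip, or None."""
    target = ipaddress.ip_address(target_ip)
    for name, cfg in fw.items():
        if target in ipaddress.ip_interface(cfg["ip"]).network:
            return name
    return None


def proxy_arp_reply(fw, ingress, target_ip):
    """MAC the firewall answers with for an ARP request seen on ingress, or None."""
    cfg = fw[ingress]
    if target_ip == str(ipaddress.ip_interface(cfg["ip"]).ip):
        return cfg["mac"]   # ordinary ARP for the interface's own address
    if not cfg["proxy_arp"]:
        return None         # proxy ARP is not enabled on the receiving interface
    egress = egress_interface(fw, target_ip)
    if egress is None or egress == ingress:
        return None         # unknown target, or target on the requester's segment
    return cfg["mac"]       # answer for the target with the ingress interface MAC
```

In this model Host A's request for Host B is answered on GigabitEthernet 0/1, while a request from Host B's side for Host A gets no reply until proxy ARP is also enabled on GigabitEthernet 0/2.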