Cisco ASA Series Cli Configuration Manual page 613

Software version 9.0 for the services module

Chapter 1
Routing Overview
EIGRP (continued)
Shared interfaces in two contexts may have multiple EIGRP instances running on them.
The interaction of EIGRP instances across shared interfaces is supported.
All CLIs that are available in single mode are also available in multiple context mode.
Each CLI has an effect only in the context in which it is used.
Route Resource Management
A resource class called routes has been introduced, which specifies the maximum number of routing
table entries that can exist in a context. This resolves the problem of one context affecting the available
routing table entries in another context and also allows you greater control over the maximum route
entries per context.
Because there is no definitive system limit, you can only specify an absolute value for this resource limit;
you may not use a percentage limit. Also, there are no minimum and maximum limits per context, so the
default class does not change. If you add a new route for any of the static or dynamic routing protocols
(connected, static, OSPF, EIGRP, and RIP) in a context and the resource limit for that context is
exhausted, then the route addition fails and a syslog message is generated.
Disabling Proxy ARPs
When a host sends IP traffic to another device on the same Ethernet network, the host needs to know the
MAC address of the device. ARP is a Layer 2 protocol that resolves an IP address to a MAC address. A
host sends an ARP request asking "Who is this IP address?" The device owning the IP address replies,
"I own that IP address; here is my MAC address."
Proxy ARP is used when a device responds to an ARP request with its own MAC address, even though
the device does not own the IP address. The ASA uses proxy ARP when you configure NAT and specify
a mapped address that is on the same network as the ASA interface. The only way traffic can reach the
hosts is if the ASA uses proxy ARP to claim that its MAC address is assigned to the destination mapped
addresses.
Under rare circumstances, you might want to disable proxy ARP for NAT addresses.
If you have a VPN client address pool that overlaps with an existing network, the ASA by default sends
proxy ARPs on all interfaces. If you have another interface that is on the same Layer 2 domain, it will
see the ARP requests and will answer with the MAC address of its interface. The result of this is that the
return traffic of the VPN clients towards the internal hosts will go to the wrong interface and will get
dropped. In this case, you need to disable proxy ARPs for the interface on which you do not want proxy
ARPs.
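The overlap condition described above can be checked offline against a saved configuration. The following script is an added example, not part of the Cisco guide: it reads interface and ip local pool lines and reports every VPN pool whose range intersects a network configured on an interface. The sample configuration, pool names and addresses are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample configuration (not taken from the Cisco guide).
SAMPLE_CONFIG = """\
interface GigabitEthernet0/0
 nameif outside
 ip address 203.0.113.1 255.255.255.0
interface GigabitEthernet0/1
 nameif inside
 ip address 10.1.1.1 255.255.255.0
interface GigabitEthernet0/2
 nameif dmz
 ip address 10.1.2.1 255.255.255.0
ip local pool VPNPOOL 10.1.1.200-10.1.1.220 mask 255.255.255.0
ip local pool REMOTE 172.16.50.10-172.16.50.50 mask 255.255.255.0
"""

def parse(config):
    """Return ({nameif: network}, {pool: (first, last)}) from ASA-style config text."""
    nets, pools, nameif = {}, {}, None
    for line in config.splitlines():
        line = line.strip()
        if line.startswith("interface "):
            nameif = None  # new interface block; its name is not known yet
        elif m := re.match(r"nameif (\S+)$", line):
            nameif = m.group(1)
        elif (m := re.match(r"ip address (\S+) (\S+)", line)) and nameif:
            nets[nameif] = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}").network
        elif m := re.match(r"ip local pool (\S+) ([\d.]+)-([\d.]+)", line):
            pools[m.group(1)] = (ipaddress.ip_address(m.group(2)), ipaddress.ip_address(m.group(3)))
    return nets, pools

def overlapping_pools(config):
    """List (pool, nameif) pairs where a pool range intersects an interface network."""
    nets, pools = parse(config)
    hits = []
    for pool, (first, last) in sorted(pools.items()):
        for nameif, net in sorted(nets.items()):
            # Two closed ranges intersect when each starts before the other ends.
            if first <= net.broadcast_address and last >= net.network_address:
                hits.append((pool, nameif))
    return hits

if __name__ == "__main__":
    for pool, nameif in overlapping_pools(SAMPLE_CONFIG):
        print(f"pool {pool} overlaps the network on interface {nameif}")
```

A reported pair marks a pool to review: either renumber the pool or decide on which interfaces proxy ARP should stay enabled.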
To disable proxy ARPs, enter the following command:
OSPFv2 (continued)
Shared interfaces in two contexts may have multiple OSPF instances running on them.
The interaction of OSPFv2 instances across shared interfaces is supported.
Cisco ASA Series CLI Configuration Guide
Route Maps and Prefix Lists (continued)
N/A
N/A