Friday, September 28, 2018

PSA Opengear in IP passthrough, 4.3.1 code, Cisco ASA - there be dragons

I just spent two days trying to get IP passthrough from cellular working with a Cisco ASA. It appears that the new Opengear 4.3.1 code introduced a bug.

The Opengear broadcasts an ARP to get the MAC address of the Cisco interface. The first such ARP correctly has the source IP set to the IP of the cellular gateway. However, subsequent ARPs have the source IP set to the Opengear's management IP address. Since this IP is not in the subnet on the ASA's outside interface, the ASA rejects the ARP, and communication comes to a screeching halt.

The fix is to use this command on the ASA: arp permit-nonconnected

I have verified that this appears to be a bug with Opengear support.
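
To confirm this symptom from frames captured on the ASA's outside segment, the subnet check described above can be modelled as follows. This is an added example, not code from the original post or from Opengear or Cisco; the function names are hypothetical, and the subnet, MAC and IP addresses are constructed placeholders.

```python
import ipaddress
import struct

def parse_arp(frame: bytes) -> dict:
    """Parse an Ethernet II frame carrying an IPv4-over-Ethernet ARP packet."""
    if len(frame) < 42:
        raise ValueError("frame too short for Ethernet + ARP")
    if struct.unpack("!H", frame[12:14])[0] != 0x0806:
        raise ValueError("not an ARP frame")
    htype, ptype, hlen, plen, oper = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not IPv4-over-Ethernet ARP")
    return {
        "oper": oper,
        "sender_mac": frame[22:28].hex(":"),
        "sender_ip": ipaddress.IPv4Address(frame[28:32]),
        "target_ip": ipaddress.IPv4Address(frame[38:42]),
    }

def nonconnected_senders(frames, connected_net):
    """Return (sender_mac, sender_ip) for ARP requests sent from outside connected_net."""
    net = ipaddress.ip_network(connected_net)
    flagged = []
    for frame in frames:
        arp = parse_arp(frame)
        # oper 1 = request; a sender IP outside the interface subnet is the symptom
        if arp["oper"] == 1 and arp["sender_ip"] not in net:
            flagged.append((arp["sender_mac"], str(arp["sender_ip"])))
    return flagged

def build_request(src_mac, sender_ip, target_ip):
    """Build a broadcast ARP request (used only to construct sample data)."""
    mac = bytes.fromhex(src_mac.replace(":", ""))
    eth = b"\xff" * 6 + mac + struct.pack("!H", 0x0806)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, 1)
    arp += mac + ipaddress.IPv4Address(sender_ip).packed
    arp += b"\x00" * 6 + ipaddress.IPv4Address(target_ip).packed
    return eth + arp

# Constructed sample data: documentation-range addresses, not values from the post.
OUTSIDE_NET = "198.51.100.0/30"  # assumed subnet on the ASA outside interface
SAMPLE = [
    build_request("02:00:00:00:00:01", "198.51.100.1", "198.51.100.2"),  # first ARP
    build_request("02:00:00:00:00:01", "192.0.2.10", "198.51.100.2"),    # later ARP
]

if __name__ == "__main__":
    for mac, ip in nonconnected_senders(SAMPLE, OUTSIDE_NET):
        print(f"ARP request from {mac} uses sender IP {ip}, outside {OUTSIDE_NET}")
```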
