We're Sorry, Full Content Access is for Members Only...

If you like to keep on reading, Become a Member Now! Here is Why:

  • Learn any CCNA, CCNP and CCIE R&S Topic. Explained As Simple As Possible.
  • Try for Just $1. The Best Dollar You've Ever Spent on Your Cisco Career!
  • Full Access to our 617 Lessons. More Lessons Added Every Week!
  • Content created by Rene Molenaar (CCIE #41726)


376 New Members signed up the last 30 days!


100% Satisfaction Guaranteed!
You may cancel your monthly membership at any time.
No Questions Asked!

Tags: ,

Forum Replies

  1. Renee

    Great lab this one … just out of interest I wanted to see what would happen … (the lab was so succcessful i had to try something to mess it up …) … if I also removed the ip default gateway from the host too (as well as removing the default gateway from the webserver) and it still worked … should this have been the case ? and if so can you explain how the #host (ping) could still get to through to the webserver … jsut curious really if you can have a look

    thanks again

  2. Hello AZM

    The ARP request would come from the 3560 router saying “I need the MAC address of the device which has an IP address of” Because ASA0 is configured with the specific NAT configurations, it knows that it must respond to any ARP requests for addresses in the range of to Similarly, ASA1 knows that it is responsible to answer any ARP requests for addresses in the range of to When ASA1 gets the ARP request, it will discard it, while ASA0 will take it and answer with the appropriate MAC address.

    No, this is not possible. If you configured both ASAs to NAT the same external IP address, for example,, then any ARP request coming from the 3560 for this IP address would be responded to by both ASAs. You would essentially have an IP address conflict on the subnet. In order to have this work, the two ASAs must be differentiated based on Port Number, something that cannot be achieved on layers 2 and 3.

    I hope this has been helpful!


29 more replies! Ask a question or join the discussion by visiting our Community Forum