I have 2 PIX firewalls in failover mode. All of a sudden the primary started dropping all traffic on the inside interface.
When doing a sh log I was seeing literally hundreds of Deny UDP reverse path check errors on the inside interface. The log counter was going up by hundreds in seconds with these messages.
So I turned off the primary firewall and the standby kicked in, and there are no issues at all. As soon as you turn the primary back on, same problem: all traffic on inside is dropped.
I have the
ip verify reverse-path interface inside
command turned on, so it's doing its job if it's spoofing, but why am I not seeing the same problem on the secondary firewall once that has become active?
I'm stumped with this.
Oh yeah, and the source IP address in the log message is 169.254.127.47 to 169.254.255.255, with the last two octets in the source address changing all the time.
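As an added example (not from the original post), a short Python script that parses reverse-path-check deny lines like the ones described, counts them per interface and per source, and flags sources in 169.254.0.0/16 (link-local/APIPA). The sample lines are constructed and modelled on the PIX %PIX-1-106021 message format.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample syslog lines (not real captures), modelled on the
# %PIX-1-106021 format: "Deny <proto> reverse path check from <src> to <dst> on interface <if>".
SAMPLE_LOG = """\
%PIX-1-106021: Deny UDP reverse path check from 169.254.127.47 to 10.1.1.255 on interface inside
%PIX-1-106021: Deny UDP reverse path check from 169.254.200.3 to 10.1.1.255 on interface inside
%PIX-1-106021: Deny UDP reverse path check from 169.254.9.120 to 10.1.1.255 on interface inside
%PIX-1-106021: Deny UDP reverse path check from 10.1.1.50 to 10.1.1.255 on interface outside
%PIX-1-106021: Deny TCP reverse path check from 169.254.127.47 to 10.1.1.5 on interface inside
"""

RPF_RE = re.compile(
    r"Deny (?P<proto>\S+) reverse path check from (?P<src>[\d.]+) "
    r"to (?P<dst>[\d.]+) on interface (?P<iface>\S+)"
)

# Link-local range a host falls back to when it gets no DHCP lease (APIPA).
LINK_LOCAL = ipaddress.ip_network("169.254.0.0/16")


def parse_rpf_drops(text):
    """Return one dict per RPF deny line; lines that do not match are skipped."""
    drops = []
    for line in text.splitlines():
        m = RPF_RE.search(line)
        if m:
            d = m.groupdict()
            d["src"] = ipaddress.ip_address(d["src"])
            drops.append(d)
    return drops


def summarize(drops):
    """Count drops per interface and per source, and how many come from link-local sources."""
    return {
        "total": len(drops),
        "per_iface": dict(Counter(d["iface"] for d in drops)),
        "per_src": dict(Counter(str(d["src"]) for d in drops)),
        "link_local": sum(1 for d in drops if d["src"] in LINK_LOCAL),
    }


if __name__ == "__main__":
    print(summarize(parse_rpf_drops(SAMPLE_LOG)))
```

A 169.254.x.x source is a host that auto-configured itself after failing to get a DHCP lease, and since the PIX has no route back to that range, the reverse-path check on inside drops its packets; the per-source counts show which hosts are generating them.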