ASA 7.0 to 8.0

Unanswered Question
Oct 20th, 2007

Upgraded a 5510 to 8.0 yesterday. At some point last night all access to inside services from the outside stopped. After several hours of complete frustration today trying to get it back up I found that a command had been added.

sysopt noproxyarp outside

Why would this have been added from the upgrade? Basically the outside router could not arp any of the addresses inside the firewall which prevented the outside services from functioning. I removed it and everything worked again. The reason it worked originally is because the arp was cached in the outside router for 4 hours. Wouldn't you think that would disabled by default?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
rleivaoc Sat, 10/20/2007 - 23:49

Do you have the ASA boot-up output when you reloaded the ASA after the upgrade? This will show us what the upgrade script changed, and why.

acomiskey Mon, 10/22/2007 - 05:52

No I don't sorry. I was too busy trying to get the clients services back up and running.

Actions

This Discussion