FWSM 3.2(1) DNS reply gets denied after removing HSRP

Unanswered Question
Oct 23rd, 2007

We have an FWSM 3.2(1) context in transparent mode w/o failover but with HSRP for the L3 VLAN. We have as the virtual IP, and as HSRP IPs. Previously, the HSRP VLAN interface was shut down, and everything was working fine.

Yesterday, we tried to remove the HSRP: we changed the HSRP IP of to, and removed all HSRP-related configuration. Suddenly, we knocked off the clients behind the context.

The error message is

%FWSM-2-106007: Deny inbound UDP from to due to DNS Response

We tried to remove inspect dns 512, no help. Put permit host any 53 any from outside interface in, no help.

I knew 3.2(1) is vulnerable to the ACE corruption bug, but it's just so weird that it only started after we changed the HSRP from real to VIP.

Any insight?
