FWSM 3.2(1) dns reply get denied after remove the HSRP

Unanswered Question
Oct 23rd, 2007

We have FWSM 3.2(1) context in transparent mode w/o failover but with HSRP for the L3 vlan. We have 10.10.73.1 as the virtual ip, and 10.10.73.2-3 as HSRP ips. previously, the 10.10.73.3 HSRP vlan interface is shutdown. and everything is working fine.

Yesterday, we try to remove the HSRP, we changed the HSRP ip of 10.10.73.2 to 10.10.73.1, and removed all HSRP related configuration. Suddenly, we knocked off the clients behind the context.

The error message is

%FWSM-2-106007: Deny inbound UDP from 192.168.8.8/53 to 10.10.73.248/1410 due to DNS Response

We tried to remove inspect dns 512, no help. Put permit host any 53 any from outside interface in, no help.

I knew 3.2(1) is vulnerable to the ACE corruption bug, but it's just so wired that it just started after we change the HSRP from real to vip.

Any insight?

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.

Actions

This Discussion