I encountered a problem concerning our FWSM. It's configured as a multiple-context routed firewall. There is a context A inside (security level 95), a context B inside (not yet configured) and an admin context. The next hop outside is our 6500, and behind that is my PC "Out".

After doing all the configuration work, I tried to ping a PC "A" in context A from outside, but that didn't work, although all routes and ACLs were set correctly. After some time, I tried to ping the PC "Out" on the outside interface from that PC "A" in context A, which worked perfectly. After that, I was able to ping from PC "Out" to PC "A".

So there is a strange lock-up of the FWSM when no connections are made or when you initially configure your FWSM. You first have to make a connection from inside to the outside, and from THEN ON, you can connect from the outside to the inside. This behaviour is reproducible, especially when there is no traffic happening (e.g. overnight). The next morning, that strange self-locking happened again: I first had to make a connection (doesn't matter if ping, ssh, etc.) from inside PC "A" to the outside somewhere in order to make a connection from the outside to the inside.
Can anyone explain that behaviour or confirm its existence?
Thanks in advance!