03-09-2009 02:25 AM - edited 03-11-2019 08:02 AM
Hi,
I'm attempting an upgrade from 12.4-18 to latest 12.4-24T on a 1841 (my point for upgrade is to allow TCP out-of-order segments through the firewall, which seems to have been introduced in 12.4-11T).
The router uses NAT, and a PPP dialer for an ATM (adsl) interface. Its initial configuration was done by SDM, so it has the default SDM low firewall configuration.
When upgrading to 12.4-24T, all the traffic that is not explicitly permitted by the inbound access list of the outside dialer 0 interface is blocked by it, even though a show ip ips inspect all shows all the traffic accepted by the firewall.
It all looks as if the access-list exceptions were not added in front of my inbound access-lists as they should have been.
I can post the configuration if needed.
Any ideas on how I can debug this issue?
03-09-2009 01:19 PM
Check the bug toolkit:
http://www.cisco.com/cgi-bin/Support/Bugtool/launch_bugtool.pl
We ran into something like this and it was a bug. I don't remember the IOS versions though.
03-10-2009 05:47 AM
Hi,
Thanks for your answer.
Although I couldn't find the issue with the bug toolkit, I upgraded to an older version, 12.4-15T8, and it seems to work fine so far, so I think the issue appeared in a subsequent release.
Thanks,