I have a customer who does some dynamic L2L-VPNs from PIX501s to a 5510 ASA.
When the tunnel establishes the first time, everything is ok.
But after re-establishing it from the 501-side (because of DSL-forced-disconnection) TCP/ICMP-Traffic is ok.
UDP Traffic isn't routed anymore into the tunnel, the packets appear on the outside-interface! Unencrypted!
We saw this with Ethereal and we can reproduce it.
Background: Server behind ASA communicates with devices behind PIX on fixed UDP-Port.
Is this a bug? How can we overcome this issue?
ASA has 8.0.(4)28, PIX is on 6.3(5)
Thank you for your response.