I've got a 3825 running 12.4(24)T with a WLCM module installed in it. We are currently configuring this device for deployment (very soon!).
I have some zone based firewall rules setup. Basically so our WCS server at our main campus can talk to the WLCM.
There is a VPN crypto-map applied to my outside interface (gig0/0) which connects back to our main campus network (220.127.116.11/16). VPN connectivity appears to be working without any issues.
IP address of my WCS server on my main campus is 18.104.22.168.
My WLCM's local IP address is 10.2.1.5 (global is 22.214.171.124).
The problem is that on initial boot of the 3825, SNMP/ICMP/HTTP/HTTPS connectivity to the WLCM from my WCS server works fine. But what will randomly happen, after 10 minutes to several hours (it is random), is that SNMP connectivity will cease to the WLCM from my WCS server, while I can still ping/HTTP/HTTPS to the WLCM from the WCS server.
All syslog reports when connectivity ceases is:
%FW-6-DROP_PKT: Dropping udp session 126.96.36.199:40869 10.2.1.5:161 with ip ident 0
I have changed the policy-maps for OUTSIDE-TO-VLAN1 and VLAN1-TO-OUTSIDE zone-pairs to "inspect" instead of "pass log" and still experience the same problem.
I'll paste relevant portions of the configuration file to look at. I don't understand why I'm seeing this behavior, as the MAN-NETS ACL contains all the correct IPs to communicate.
If I turn off the zone based firewall, everything works fine without any problems.
I've also tried downgrading to 12.4(22)T1 and experience the same issue.
Thanks for any suggestions you guys can provide!
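As an added triage example (not code from the original post or from Cisco), the following script parses %FW-6-DROP_PKT lines of the exact shape quoted above and summarizes which source, destination, protocol and destination port the zone-based firewall is dropping. The sample log lines are constructed for the example; the first one reproduces the message from the post, the others are invented to show that the summary separates a dropped udp/161 (SNMP) flow from flows to other ports. The port-to-service table and the timestamp prefix are assumptions.

```python
import re
from collections import Counter

# Regex for the IOS zone-based firewall drop message as it appears in the post:
#   %FW-6-DROP_PKT: Dropping udp session 126.96.36.199:40869 10.2.1.5:161 with ip ident 0
DROP_RE = re.compile(
    r"%FW-6-DROP_PKT: Dropping (?P<proto>\w+) session "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+)"
    r" with ip ident (?P<ident>\d+)"
)

# Assumed mapping of destination ports to service names (not from the post).
SERVICE_BY_PORT = {161: "snmp", 162: "snmptrap", 80: "http", 443: "https", 22: "ssh"}

# Constructed sample syslog lines. The first DROP_PKT line copies the post's message;
# the remaining lines are invented for the example and are not from the original device.
SAMPLE_LOG = """\
Mar  1 02:14:07.101: %FW-6-DROP_PKT: Dropping udp session 126.96.36.199:40869 10.2.1.5:161 with ip ident 0
Mar  1 02:14:09.455: %FW-6-DROP_PKT: Dropping udp session 126.96.36.199:40870 10.2.1.5:161 with ip ident 0
Mar  1 02:14:12.812: %FW-6-SESS_AUDIT_TRAIL_START: Start tcp session: initiator (126.96.36.199:51022) -- responder (10.2.1.5:443)
Mar  1 02:15:01.003: %FW-6-DROP_PKT: Dropping tcp session 126.96.36.199:51100 10.2.1.5:22 with ip ident 0
"""


def parse_drops(log_text):
    """Return one dict per %FW-6-DROP_PKT line; other syslog lines are ignored."""
    drops = []
    for line in log_text.splitlines():
        m = DROP_RE.search(line)
        if not m:
            continue
        d = m.groupdict()
        d["sport"] = int(d["sport"])
        d["dport"] = int(d["dport"])
        d["ident"] = int(d["ident"])
        d["service"] = SERVICE_BY_PORT.get(d["dport"], f"port-{d['dport']}")
        drops.append(d)
    return drops


def summarize(drops):
    """Count drops per (src, dst, proto, dport) so a single broken service stands out."""
    return Counter((d["src"], d["dst"], d["proto"], d["dport"]) for d in drops)


def affected_services(drops, manager_ip, target_ip):
    """Sorted service names the firewall dropped from manager_ip to target_ip."""
    return sorted({d["service"] for d in drops
                   if d["src"] == manager_ip and d["dst"] == target_ip})


def main():
    drops = parse_drops(SAMPLE_LOG)
    for (src, dst, proto, dport), n in summarize(drops).most_common():
        print(f"{n:3d}  {proto:<4} {src}:* -> {dst}:{dport} "
              f"({SERVICE_BY_PORT.get(dport, 'unknown')})")
    print("dropped services:", affected_services(drops, "126.96.36.199", "10.2.1.5"))


if __name__ == "__main__":
    main()
```

Run it against a `show logging` capture (or the syslog collector's file) taken while SNMP is failing. If every drop for the WCS-to-WLCM pair shares udp/161 while http/https sessions are never logged as dropped, the problem is confined to how the zone-pair policy treats that UDP flow, and the class-map match criteria and inspect timeouts on the OUTSIDE-TO-VLAN1 and VLAN1-TO-OUTSIDE zone-pairs are the place to look next.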