I'm looking at using the IOS Firewall feature set with stateful failover between two 2900 series routers. I have been working with a configuration that involves the "inside" being WAN interfaces on two different subnets and the "outside" being two LAN interfaces on the same subnet using HSRP. In reading the datasheet there were two configurations mentioned but mine isn't exactly either.
What I am seeing is the sessions not sycning up. I have tried reversing the inside/outside roles and they were sycing the sessions across. You could see them by using the "show ip inspect sessions" command and validate the HEX value of the sessions. Now I see the sessions on the HSRP active router but not the HSRP standby router.
I have enabled several different debugs but I'm not getting a lot of output and even with I clear the active sessions for the ip inspect ha session I don't really get anything.
Anyone have any tips for getting a configuration similar to this working?