Strange DMZ behavior after upgrade to ASA 8.4(4)

Unanswered Question

I upgraded a pair of ASA 5520s from ASA 8.3 to ASA 8.4(4) this week and now my DMZ hosts cannot reliably communicate with each other. I have a DMZ network of configured. is the ASA/Gateway and is one host and is another host. These two hosts had no problem communicating with each other before the upgrade. Now, they usually cannot communicate with each other. Occasionally they can communicate, but only for a few minutes. What is strange is I never had any access lists for these hosts to talk with each other before the upgrade (because their traffic to each other should have never reached the firewall) but now I needed to create an access list on the DMZ interface allowing these two hosts to talk. ICMP works fine, but only if the ACL is in place. TCP rarely works.

I started a TAC but Cisco seems to be stumped.

Any ideas?


Julio Carvajal Thu, 05/24/2012 - 10:51

Hello Dylan,

Looks like a problem with the NAT (ARP issues). Can you provide us your configuration?



