In a very weird behavior, I see that ASA running 8.4(4)1 is not doing route-lookup and taking routing decisions just based on nat statements.
I have a firewall running older 8.2(2)16 code as well and it does route-lookup before forwarding packet. Why has the behavior changed in pre-8.3 and 8.3+ versions?
This default ASA behavior is causing lots of problems for us. I understand that we can force route-lookup to happen using "route-lookup" option while adding nat statements, but I am interested in knowing why Cisco has made no route-lookup as the default option.
The feature was introduced to provide more flexibility to your nat configurations. I would suggest you go through this exlanation for your question in the release notes:
In 8.4(2) and later, the default behavior for identity NAT was changed to match the behavior of other static NAT configurations: proxy ARP is enabled, and the NAT configuration determines the egress interface (if specified) by default. You can leave these settings as is, or you can enable or disable them discretely
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...