Cisco Support Community

FWSM 3.2(1) DNS reply gets denied after removing the HSRP

We have an FWSM 3.2(1) context in transparent mode w/o failover but with HSRP for the L3 VLAN. We have as the virtual IP, and as HSRP IPs. Previously, the HSRP VLAN interface was shut down, and everything was working fine.

Yesterday, we tried to remove the HSRP: we changed the HSRP IP of to, and removed all HSRP-related configuration. Suddenly, we knocked off the clients behind the context.

The error message is

%FWSM-2-106007: Deny inbound UDP from to due to DNS Response

We tried to remove inspect dns 512, no help. Put permit host any 53 any from outside interface in, no help.

I knew 3.2(1) is vulnerable to the ACE corruption bug, but it's just so weird that it just started after we changed the HSRP from real to VIP.

Any insight?