Upgrade from 12.4 to 12.4T, ios firewall not working?
I'm attempting an upgrade from 12.4-18 to latest 12.4-24T on a 1841 (my point for upgrade is to allow TCP out of order segments through the firewall which seems to have been introduce in 12.4-11T).
The router uses NAT, and a PPP dialer for an ATM (adsl) interface. Its initial configuration was done by SDM, so it has the default SDM low firewall configuration.
When upgrading to 12.4-24T, all the traffic that is not explicitely permitted by the inbound access list of the outside dialer 0 interface is blocked by it, even though a show ip ips inspect all shows all the traffic accepted by the firewall.
It all looks like that the access-lists exceptions were not added in front of my inbound access-lists as it should have been done.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...