I have IOS Version 15.2(3)T and configured Zone Based firewall on it.
There is a log message that I would like to make sure that I read correctly:
%FW-6-DROP_PKT: Dropping tcp session 10.100.216.60:25 XXX.XXX.XXX.XXX:61581 on zone-pair outside-to-inside class FROMINTERNET-IN-cmap due to Stray Segment with ip ident 0
Logically I read that my internal host (SMTP server with static NAT) - 10.100.216.60 was accessed by some other host from public interbnet XXX.XXX.XXX.XXX and there was some problem with this connection.
But what is confusing is that if the reported zone-pair is outside-to-inside, then why order of IP addresses or hosts in the log message is not the same way i.e. XXX.XXX.XXX.XXX should be the first one and 10.100.216.60 should be the second one, according to the zone outside-to-inside.
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...