access-list has to do something with stateful failover?
I have 2 PIX firewalls. Due to some reason the primary failed and the secondary became active. I tried to use the FAILOVER ACTIVE command on the primary PIX but they didn't switch their tasks, then I reloaded the secondary PIX and it became standby again. After that I installed PDM ver 2.1 on both PIX and configured some telnet access; up till here everything was OK.
Before that, domain access (port 53) was working fine from outside to inside. After that it stopped working. I called my ISP and asked; they said that from their side it is working fine and told me to PERMIT ANY and check whether it works or not. I did it and it is working fine. I didn't change the access-list, so how did it stop working? And as soon as I applied permit any any it started working? It was working fine before. What could be the possible problem?
Re: access-list has to do something with stateful failover?
When configurations that worked fine before suddenly start behaving strangely, what I do is to power cycle the device in question. That does the trick most of the time. If that doesn't work, the next best thing would be to clear the configuration and simply paste a new copy of the original configuration (if you have maintained one... an essential as per any good practices doc). If that does not solve your problem, you should probably look at bug CSCdv74182 that talks of a similar state where the active unit starts using the failover IP under certain conditions and the traffic stops. See if you are facing a similar situation and if indeed you are, you'll need to go in for an IOS upgrade. This was fixed in 6.2(1).