I installed new 525s with FoS7.0.4 to replace my two 515s with FoS6.3. However, the 525s won't pass traffic or reply to inside devices when pinged/etc. I verified that the configs are identical (as much as possible with the syntax changes). The primary 525 can ping the outside world fine, and the inside world fine (and the DMZ). The hosts inside can't ping outside. I verified that the ACLs were applied to the correct interfaces, and I saw no odd logging errors. Is it possible that there is some convergence time across the switch fabric of the new MAC/IP entry for the new firewall inside interface? Other ideas?
So, you didn't do anything in particular. I am having the same problem and am guessing that it is an ARP issue. What did you do to resolve? Reboot switch, router that the PIX points to for its route outside. Reboot IPS if you have one. Let me know.