I am working on yet another firewall upgrade from 6.3(4) to 7.0(7), and there are a bunch of networks, some as large as class Bs, that are statically NATed with the norandomseq option enabled. None of the more senior staff know why these statements were originally implemented.
I read the 6.3 command reference, and it suggests that you *may* want to do this, i.e. disabling randomseq, when you have firewalls inline. My question is: how do I identify any other applications that may break when I move to 7.0(7), please? Last time I put all the static statements in, and BGP did not come up. I now know why. I just want to catch any other possible similar issues I may run into this time.
Ideally I would like to do this before the upgrade. But if you know of any troubleshooting methods to catch these issues after the upgrade, I would appreciate it.
I am posting this as a follow-up to the BGP question, as I am trying to catch other incompatibilities similar to the BGP issue. Is there an online document that may contain more of these possible scenarios? I do not want to wait for customers to report the issue. I have already identified the BGP peers that are on either side of this firewall, and will create a policy for BGP with MD5 for the two peers.