From: KRATTIGER Lukas (Lukas.KRATTIGER@nextiraone.ch)
Date: Tue Jan 08 2008 - 09:46:07 ARST
Hi Peter
I did see this behavior before on PIX.
After I told HSRP to use BIA (Burned In Address), the problem solved for me.
int fas 0/0
standby X use-bia
Cheers
-Lukas
-----Urspr|ngliche Nachricht-----
Von: nobody@groupstudy.com [mailto:nobody@groupstudy.com] Im Auftrag von Peter Svidler
Gesendet: Dienstag, 8. Januar 2008 12:13
An: ccielab@groupstudy.com; security@groupstudy.com
Betreff: problem between ASA and HSRP router
folks
in real life scenario , I have an ASA connected to Two Routers for internet access , the routers are running HSRP between them ,the ASA has default route to the HSRP VIP address and the setup worked fine for some time
for some reason , a problem happened on the ASA that users from inside the network cannot access the internet , when i do ping from inside to outside i got the following log message on the ASA
%ASA-3-305005: No translation group found for icmp src outside:x.x.x.x dst inside:y.y.y.y (type 8, code 0)
the X.X.X.X refers to the primary router physical IP address ( not the Virtual HSRP ip )
the problem is obviously that the ASA expects to see the VIP however it gets reply from the physical IP
I had to turn off the HSRP for while and things are fine now but I wonder if anyone seen such problem before , is there any thing to be done to force the router to always use the VIP
thanks in advance
---------------------------------
Be a better friend, newshound, and know-it-all with Yahoo! Mobile. Try it now.
This archive was generated by hypermail 2.1.4 : Fri Feb 01 2008 - 10:37:58 ARST