From: Scott M Vermillion (scott_ccie_list@it-ag.com)
Date: Fri Mar 27 2009 - 17:32:05 ART
Yes, let's reserve the use of the word "buggy" for anything to do with
SP features and technologies in IOS. ;~)
On Mar 26, 2009, at 3:39 , Tony Schaffran (GS) wrote:
> I am not sure if I would use the word 'buggy' when it comes to ASA
> code.
> Although, it could be a little better in the QA department, it is
> not half
> as bad as Microsoft. I do not know of any software that does not
> have a bug
> or two in it.
>
> I have never had an ASA do anything other than what I programmed it
> to do
> and everything I programmed it to do, it has executed. IPSEC, VPN,
> NAT,
> OSPF & BGP routing, contexts and more. I have configured some off
> the wall
> weird stuff on the ASA's and if there was an issue, there was
> usually a good
> workaround for it.
>
> Maybe the term 'buggy' is used too often when somebody does not
> understand
> something fully. To many people, it is easier to blame the hardware
> or
> software than it is take a closer look at their own skills.
>
> I am not implying anything personal toward you, this is just a general
> observation.
>
>
>
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf
> Of
> Muhammad Nasim
> Sent: Thursday, March 26, 2009 1:56 PM
> To: Uyota Oyearone
> Cc: Alexei Monastyrnyi; security@groupstudy.com; Cisco certification
> Subject: Re: Fishy ASA dynamic NAT behavior after IP address change
>
> did u perform clear xlate command before restart.
> somtime clear commands do the trick
>
> ASA code is very buggy to be honest
>
>
> 2009/3/26 Uyota Oyearone <spycharlies@gmail.com>
>
>> Not sure if this helps u. Sometimes ASA does not understand what is
> outside
>> and inside when doing NAT, it ends up screwing my whole routing.
>> The only
>> way i have been able to solve this, was to create an exception rule.
>>
>>
>> Uyota.
>>
>>
>>
>> On Tue, Mar 24, 2009 at 2:10 PM, Alexei Monastyrnyi <alexeim73@gmail.com
>>> wrote:
>>
>>> Hi Group.
>>>
>>> Just wonder if someone has come across this.
>>>
>>> I was changing IP address on ASA 8.0(4) system which does selective
>> dynamic
>>> PAT like below, about 30 such N-pairs.
>>> nat (inside) 0 access-list nonat
>>> nat (inside) N access-list xyz
>>> global (outside) N IP-address/pool
>>>
>>> After IP change on outside interface, dynamic part NAT engine
>>> stopped
>>> working. And it was a lot of [Scanning] messages severity 4 in the
>>> log.
>> Show
>>> xlat showed only static PAT entries, all traffic which was
>>> supposed to
>> get
>>> NATted or go via nonat ACL was just black-holed.
>>>
>>> shut/no shut on outside interface didn't do. The only way I could
>>> fix it
>> is
>>> by ASA unit reload.
>>>
>>> I checked open caveats for 8.0(40 are open/relosved for higher
>>> interim
>>> releases, no luck.
>>>
>>> Shall one expect restarting productin systems after IP address
>>> chenge?
>>> Sounds na bit uts. :-)
>>>
>>> Hints are appreciated.
>>>
>>> Cheers,
>>> A
>>>
>>>
>>> Blogs and organic groups at http://www.ccie.net
>>>
>>> _______________________________________________________________________
>>> Subscription information may be found at:
>>> http://www.groupstudy.com/list/CCIELab.html
>>
>>
>> Blogs and organic groups at http://www.ccie.net
>>
>> _______________________________________________________________________
>> Subscription information may be found at:
>> http://www.groupstudy.com/list/CCIELab.html
>>
>>
>>
>>
>>
>>
>>
>>
>
>
> --
> Muhammad Nasim
> Network Engineer
> Saudi Arabia
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
Blogs and organic groups at http://www.ccie.net
This archive was generated by hypermail 2.1.4 : Mon Apr 06 2009 - 06:44:07 ART