Just a question,
when using the high availability feature of an ASA, this synchronizes the
state of a tcp connection. With the HA of IOS NAT, this only synchronizes
the translation table. If a session is already in progress, and your primary
router dies, the connection would switch over to the backup router via
dynamic routing (when not using HSRP). Does the zone based firewall require
an initial connection? I don't think it does because the IOS firewall does
not maintain a state table like the ASA does. So when a failure happens, and
you have zone based firewalls also configured, does this allow the
previously created session (created on the now defunct primary router) to
flow though the backup IOS firewall?
