Paul,
Are both HSRP Groups active on the correct device? It is dropping traffic because it doesn't think it should be passing the traffic. Regards, Tyson Scott - CCIE #13513 R&S and Security Technical Instructor - IPexpert, Inc. Telephone: +1.810.326.1444 Cell: +1.248.504.7309 Fax: +1.810.454.0130 Mailto: [email protected] Join our free online support and peer group communities: <http://www.IPexpert.com/communities> http://www.IPexpert.com/communities IPexpert - The Global Leader in Self-Study, Classroom-Based, Video On Demand and Audio Certification Training Tools for the Cisco CCIE R&S Lab, CCIE Security Lab, CCIE Service Provider Lab , CCIE Voice Lab and CCIE Storage Lab Certifications. From: [email protected] [mailto:[email protected]] On Behalf Of Paul Stewart Sent: Friday, July 31, 2009 10:18 PM To: [email protected] Subject: [OSL | CCIE_Security] 2a HA Items I get the following when I combine stateful CBAC and Stateful NAT. When I enable Stateful NAT all is well. Stateful CBAC all is well, until you do the reboot that is required to bring the redundancy scheme into sync. Then it seems as though it breaks the stateful nat. Really in this case, stateful nat is unnecessary, because it is all one to one. However, the directions ask for stateful NAT, so I assume that we need to get it so the child sessions can be created. I guess my question is what is the error below trying to tell me? *Aug 1 03:11:57.213: %FW-6-DROP_PKT: Dropping udp session 9.9.156.11:15555 9.9.156.6:15555 due to device running in HA standby mode with ip ident 12839 R6# *Aug 1 03:12:27.213: %FW-6-DROP_PKT: Dropping udp session 9.9.156.11:15555 9.9.156.6:15555 due to device running in HA standby mode with ip ident 13323
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
