ASA has no 'fixup' on by default

I see that if you are upgrading a PIX from 6.x to 7.x, your fixup's get converted to MPF commands, and that's fine. However it seems that a brand new ASA out of the box does not have this enabled. You need to copy your fixups from your old 6.x config (assuming you are indeed upgrading replacing) or get the block of default config and paste it into the ASA to get the equivalent functionality. I read some on CCO that gave the impression that these fixups were on by default and you only need touch MPF config if you wanted to change something. This is definately not the case, as I had to manually put the inspect ftp config into an ASA to get active ftp working.

Anyone confirm this ? Anyone have a direct link to a doc that substaniates this ? Anyone from Cisco care to tell us why what has been there by default for years is now 'off' by default ? Thanks.

Reply to
cf_0x2102
Loading thread data ...

I can't confirm it but I will give you an FYI. inspect http doesn't work in 7.0.4. It causes the Pix/ASA to reboot every couple of hours. There's a TAC bug on it if you want to do some searching. FYI since we're talking about inspects.

J
Reply to
J

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.