TLS change from 100mb on g1/2 to 1gig on sup720 g5/1

Patrick Laidlaw
Level 4

Hello,

Here is my issue. I have a 6509 loaded with the following cards.

Mod  Ports  Card Type                                    Model
---  -----  -------------------------------------------  ------------------
1    48     CEF720 48 port 10/100/1000mb Ethernet        WS-X6748-GE-TX
2    48     CEF720 48 port 10/100/1000mb Ethernet        WS-X6748-GE-TX
3    6      Firewall Module                              WS-SVC-FWM-1
4    6      Firewall Module                              WS-SVC-FWM-1
5    2      Supervisor Engine 720 (Active)               WS-SUP720-3B
6    2      Supervisor Engine 720 (Hot)                  WS-SUP720-3B
7    8      Intrusion Detection System                   WS-SVC-IDSM-2
8    8      Intrusion Detection System                   WS-SVC-IDSM-2
9    2      IPSec VPN Accelerator                        WS-SVC-IPSEC-1

We changed from a 100 Mb to a 1 Gig TLS connection between two of our sites. When we did this, everything seemed to be working fine going out. Our testers failed to do the outside-in tests, which we found later in the day to be having an issue with only web traffic.

Quick breakdown of traffic flow: three context firewalls, an Internet connection, a network monitoring connection, a VPN connection, and two department connections.

The Primary Context firewall consists of a VPN interface, a DMZ interface, and Outside and Inside interfaces. Traffic then gets dropped into the MSFC to route to one of the other two contexts, depending on which department it is flowing to. Currently the other two contexts are set up to be wide open, and they both travel across a trunk port using the TLS.

When we switched from the 100 Mb TLS, which was plugged into an RJ45 port on the first 48-port module, to the 1 Gig TLS, which was plugged into an SFP in 5/1 on the primary Sup720, everything seemed to be working, except for some external connections coming in from the web and some connections in from the DMZ interface on the Primary Context.

The steps we took in an attempt to resolve this problem were to clear the ARP cache and clear routes, thinking it had something to do with CEF, but neither worked. So we switched back to the 100 Mb TLS and everything came right back up.

If anyone has some suggestions I’d really appreciate it.

Patrick

1 Reply

Patrick Laidlaw
Level 4

Well, solved my problem.

After doing some traffic captures, we found that the second TLS connection was limiting the MTU size of our trunk interface, not allowing us to get anything through that was larger than 1496. Basically, our TLS wasn't allowing tagged traffic that was above the standard Ethernet MTU size.

Our TLS provider will be fixing the issue now that we pinpointed the problem.

Patrick
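An added illustration of the failure mode found above (example code written for this page, not from the thread or from Cisco): an 802.1Q tag adds 4 bytes between the source MAC and the EtherType, so a trunk carrying a full 1500-byte IP packet puts a 1518-byte frame (before FCS) on the wire. A transparent LAN service that enforces a plain 1514-byte frame limit, with no allowance for the tag, drops exactly those frames, while anything up to a 1496-byte payload passes. The MAC addresses, VLAN ID and frame limits below are constructed sample values; the sweep mirrors what a DF-bit ping sweep does on a real link.

```python
import struct
from typing import Optional

ETH_HDR_LEN = 14          # dst MAC (6) + src MAC (6) + EtherType (2)
VLAN_TAG_LEN = 4          # 802.1Q TPID (2) + TCI (2)
TPID_8021Q = 0x8100
ETHERTYPE_IPV4 = 0x0800
STANDARD_MTU = 1500       # largest payload of an untagged Ethernet II frame
PLAIN_FRAME_LIMIT = ETH_HDR_LEN + STANDARD_MTU    # 1514: untagged maximum, no FCS
TAGGED_FRAME_LIMIT = PLAIN_FRAME_LIMIT + VLAN_TAG_LEN  # 1518: what a trunk actually needs


def build_frame(payload: bytes, vlan_id: Optional[int] = None) -> bytes:
    """Wrap `payload` in an Ethernet II header (no FCS), 802.1Q-tagged if vlan_id is given."""
    dst = bytes.fromhex("001122334455")   # constructed sample MAC addresses
    src = bytes.fromhex("66778899aabb")
    hdr = dst + src
    if vlan_id is not None:
        tci = vlan_id & 0x0FFF            # PCP=0, DEI=0, 12-bit VLAN ID
        hdr += struct.pack("!HH", TPID_8021Q, tci)
    hdr += struct.pack("!H", ETHERTYPE_IPV4)
    return hdr + payload


def parse_frame(frame: bytes) -> dict:
    """Return the VLAN ID (None if untagged), inner EtherType and payload length."""
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype == TPID_8021Q:
        vid = struct.unpack("!H", frame[14:16])[0] & 0x0FFF
        inner = struct.unpack("!H", frame[16:18])[0]
        return {"vlan": vid, "ethertype": inner,
                "payload_len": len(frame) - ETH_HDR_LEN - VLAN_TAG_LEN}
    return {"vlan": None, "ethertype": ethertype,
            "payload_len": len(frame) - ETH_HDR_LEN}


def carrier_forwards(frame: bytes, max_frame: int = PLAIN_FRAME_LIMIT) -> bool:
    """Model a carrier that forwards a frame only if it fits the configured frame limit.

    A service built for untagged frames (1514) silently drops tagged frames that
    carry a full-size packet; one provisioned for trunks (1518) passes them.
    """
    return len(frame) <= max_frame


def largest_forwardable_payload(vlan_id: Optional[int],
                                max_frame: int = PLAIN_FRAME_LIMIT) -> int:
    """Sweep payload sizes downward from 1500 and report the largest that gets through.

    This is the offline equivalent of a DF-bit ping sweep across the trunk.
    """
    for size in range(STANDARD_MTU, 0, -1):
        if carrier_forwards(build_frame(b"\x00" * size, vlan_id), max_frame):
            return size
    return 0


if __name__ == "__main__":
    # Untagged access link: the full 1500-byte payload fits in 1514 bytes.
    print("untagged, plain carrier :", largest_forwardable_payload(None))
    # Tagged trunk over a carrier that only allows 1514-byte frames: ceiling drops to 1496.
    print("VLAN 100, plain carrier :", largest_forwardable_payload(100))
    # Same trunk once the carrier allows the 4-byte tag (1518): back to 1500.
    print("VLAN 100, 1518 carrier  :", largest_forwardable_payload(100, TAGGED_FRAME_LIMIT))
    full = build_frame(b"\x00" * STANDARD_MTU, 100)
    print("tagged full-size frame  :", len(full), "bytes, parsed as", parse_frame(full))
```

Small packets (ICMP echo, DNS, the TCP handshake) sit well under the 1496-byte ceiling, which is why the link looked healthy outbound while the full-size TCP segments of web downloads were dropped. On a real link, the equivalent check is a ping with the DF bit set that sweeps the size across the boundary: a tagged path limited to 1514-byte frames answers `ping -M do -s 1468` (1496-byte IP packet) but not `ping -M do -s 1472` (1500-byte IP packet); IOS extended ping offers the same DF-bit and size-sweep options. Lowering the MTU on the trunk is only a workaround; the fix is the carrier allowing tagged frames.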
