https://community.cisco.com/t5/network-security/fwsm-communication-issue/m-p/1708374#M558060 <HTML><HEAD></HEAD><BODY><P>A Capture on the outside interface (Source Context) shows a SYN being sent but nothing else. Also no hits on the ACL (Outside) so I do not think it is even getting to the Destination Context (inside)</P></BODY></HTML> Tue, 12 Apr 2011 14:40:36 GMT DSPVGAdmin 2011-04-12T14:40:36Z https://community.cisco.com/t5/network-security/fwsm-communication-issue/m-p/1708368#M558053 <P>I have a Cisco 6500 running FWSM version 3.1(10)</P><P></P><P>Have muliple contexts</P><P></P><P>ACL's are configured on 2 contexts to allow single hosts to communicate over TCP 7780 (HTTP)</P><P></P><P>No Communication or Denys or Hits on ACL's</P><P></P><P>Reseting the VLAN on source Context temp fixes the problem (5mins Max)</P><P></P><P>Any Idea's ?</P><P></P><P>Thanks</P> Mon, 11 Mar 2019 20:19:52 GMT https://community.cisco.com/t5/network-security/fwsm-communication-issue/m-p/1708368#M558053 DSPVGAdmin 2019-03-11T20:19:52Z https://community.cisco.com/t5/network-security/fwsm-communication-issue/m-p/1708369#M558054 <HTML><HEAD></HEAD><BODY><P>Hi Simon,</P><P></P><P>Do you have relevant static NAT command for the hosts? When the FWSM exists in the multiple context mode, the traffic is sent to a context depending on 3 criteria: unique interface, unique MAC address or unique NAT translation. If your interfaces are being shared, then a unique translation is needed for the traffic to be forwarded to the correct context.</P><P></P><P>Regards,</P><P>Anu.</P><P></P><P>P.S.: Please mark the question answered, if it has been resolved. Do rate helpful posts. Thanks.</P></BODY></HTML> Tue, 12 Apr 2011 11:42:41 GMT https://community.cisco.com/t5/network-security/fwsm-communication-issue/m-p/1708369#M558054 Anu M Chacko 2011-04-12T11:42:41Z https://community.cisco.com/t5/network-security/fwsm-communication-issue/m-p/1708370#M558055 <HTML><HEAD></HEAD><BODY><P>Would this be the case if I was not running NAT control and both contexts are the same security level.</P><P></P><P>I never see this issue until a reload of the Cisco 6500 last week.</P><P></P><P>Thanks</P></BODY></HTML> Tue, 12 Apr 2011 11:45:31 GMT https://community.cisco.com/t5/network-security/fwsm-communication-issue/m-p/1708370#M558055 DSPVGAdmin 2011-04-12T11:45:31Z https://community.cisco.com/t5/network-security/fwsm-communication-issue/m-p/1708371#M558056 <HTML><HEAD></HEAD><BODY><P>Hi Simon,</P><P></P><P>If everything was working fine before the reload, then maybe some configuration was not saved before it reloaded. Was all that&nbsp; configuration saved before the reload? What are the syslogs you see on&nbsp; the FWSM now, when you try to send the traffic through it?</P><P></P><P>Regards,</P><P>Anu.</P></BODY></HTML> Tue, 12 Apr 2011 13:28:50 GMT https://community.cisco.com/t5/network-security/fwsm-communication-issue/m-p/1708371#M558056 Anu M Chacko 2011-04-12T13:28:50Z https://community.cisco.com/t5/network-security/fwsm-communication-issue/m-p/1708372#M558057 <HTML><HEAD></HEAD><BODY><P>Anu,</P><P></P><P>Yes as 100% I can be the config are the same, we are also get no output in syslogs, no connections built. The statis nat on the source context is</P><P></P><P>(outsdie,inside) x.x.79.x&nbsp; x.x.79.x 255.255.255.248 - so it is for the whole subnet - the incoming context does not have the statis nat applied</P><P></P><P>Simon</P></BODY></HTML> Tue, 12 Apr 2011 13:33:18 GMT https://community.cisco.com/t5/network-security/fwsm-communication-issue/m-p/1708372#M558057 DSPVGAdmin 2011-04-12T13:33:18Z https://community.cisco.com/t5/network-security/fwsm-communication-issue/m-p/1708373#M558058 <HTML><HEAD></HEAD><BODY><P>Simon,</P><P></P><P>Did you take captures on the outside interface? Do you see packets coming into the firewall? Can you put in a specific static NAT command for the destination IP address and test?</P><P></P><P>Thanks,</P><P>Anu.</P></BODY></HTML> Tue, 12 Apr 2011 14:00:43 GMT https://community.cisco.com/t5/network-security/fwsm-communication-issue/m-p/1708373#M558058 Anu M Chacko 2011-04-12T14:00:43Z https://community.cisco.com/t5/network-security/fwsm-communication-issue/m-p/1708374#M558060 <HTML><HEAD></HEAD><BODY><P>A Capture on the outside interface (Source Context) shows a SYN being sent but nothing else. Also no hits on the ACL (Outside) so I do not think it is even getting to the Destination Context (inside)</P></BODY></HTML> Tue, 12 Apr 2011 14:40:36 GMT https://community.cisco.com/t5/network-security/fwsm-communication-issue/m-p/1708374#M558060 DSPVGAdmin 2011-04-12T14:40:36Z https://community.cisco.com/t5/network-security/fwsm-communication-issue/m-p/1708375#M558062 <HTML><HEAD></HEAD><BODY><P>Simon,</P><P></P><P>That is because after the FWSM receives the SYN packet from the sender on the outside, it does not know to which context it has to send it to. Put in the following and test if it works.</P><P></P><P>static(inside,outside) <DEST ip="" address=""> <DEST ip="" address=""></DEST></DEST></P><P></P><P>Thanks,</P><P>Anu.</P></BODY></HTML> Tue, 12 Apr 2011 16:09:49 GMT https://community.cisco.com/t5/network-security/fwsm-communication-issue/m-p/1708375#M558062 Anu M Chacko 2011-04-12T16:09:49Z