https://community.cisco.com/t5/network-security/forwarding-loop-fwsm-in-vss-chassis/m-p/1524715#M579331 <HTML><HEAD></HEAD><BODY><P>I am not sure if I follow you. You are saying that when you traceroute you do not see the FWSM as a hop? Well the firewall never shows itself as a hop. On the ASA there is a way to decrement TTL but not on the FWSM.</P><P></P><P>If the arp entry is correct pls. check the "sh mac-address-table vlan <NUMBER>" and see if the FWSM mac is seen on the vlans that it firewalls.</NUMBER></P><P></P><P>You are correct there is no FWSM code 7.2.1</P><P></P><P><A class="jive-link-external-small" href="http://www.cisco.com/cgi-bin/tablebuild.pl/cat6000-fwsm">http://www.cisco.com/cgi-bin/tablebuild.pl/cat6000-fwsm</A><BR /> <BR /> Click on the All new releases will be available "here"<BR /> <BR /> The latest in the 3.1.x train 3.1.(19)<BR /> The latest in the 4.0 train is 4.0.13<BR /> The latest in the 3.2 train is 3.2.(19)<BR /> The latest in the 4.1 train is 4.1(3)<BR /> ASDM is asdm-62(1)f.bin</P><P></P><P>-KS</P></BODY></HTML> Mon, 29 Nov 2010 00:09:43 GMT Kureli Sankar 2010-11-29T00:09:43Z https://community.cisco.com/t5/network-security/forwarding-loop-fwsm-in-vss-chassis/m-p/1524714#M579330 <P>We have a but of an oddity. We have an FWSM in a 6500 VSS stack, and some traffic appears to be forwarded back to the switch.</P><P></P><P>We have a transit LAN between the VRF on the 6500 and the FWSM. All routing appears correct - the route via the FWSM points to the IP of the FWSM. The Arp entry is correct, but for some entries that should be beyond the firewall if we do a tracert from the 6500 all responses are the outgoing interface address of the 6500.</P><P></P><P>I was told the SW was 7.2.1., but that does not appear valid for FWSM!</P><P></P><P>Some addresses for the target VLAN seem OK!</P><P></P><P>Has anyone seen similar?</P> Mon, 11 Mar 2019 19:15:11 GMT https://community.cisco.com/t5/network-security/forwarding-loop-fwsm-in-vss-chassis/m-p/1524714#M579330 paul.matthews 2019-03-11T19:15:11Z https://community.cisco.com/t5/network-security/forwarding-loop-fwsm-in-vss-chassis/m-p/1524715#M579331 <HTML><HEAD></HEAD><BODY><P>I am not sure if I follow you. You are saying that when you traceroute you do not see the FWSM as a hop? Well the firewall never shows itself as a hop. On the ASA there is a way to decrement TTL but not on the FWSM.</P><P></P><P>If the arp entry is correct pls. check the "sh mac-address-table vlan <NUMBER>" and see if the FWSM mac is seen on the vlans that it firewalls.</NUMBER></P><P></P><P>You are correct there is no FWSM code 7.2.1</P><P></P><P><A class="jive-link-external-small" href="http://www.cisco.com/cgi-bin/tablebuild.pl/cat6000-fwsm">http://www.cisco.com/cgi-bin/tablebuild.pl/cat6000-fwsm</A><BR /> <BR /> Click on the All new releases will be available "here"<BR /> <BR /> The latest in the 3.1.x train 3.1.(19)<BR /> The latest in the 4.0 train is 4.0.13<BR /> The latest in the 3.2 train is 3.2.(19)<BR /> The latest in the 4.1 train is 4.1(3)<BR /> ASDM is asdm-62(1)f.bin</P><P></P><P>-KS</P></BODY></HTML> Mon, 29 Nov 2010 00:09:43 GMT https://community.cisco.com/t5/network-security/forwarding-loop-fwsm-in-vss-chassis/m-p/1524715#M579331 Kureli Sankar 2010-11-29T00:09:43Z