https://community.cisco.com/t5/network-security/fwsm-permiting-traffic/m-p/1324912#M811922 <HTML><HEAD></HEAD><BODY><P>Thanks Jorge for the reply.</P><P></P><P>Q1. Pc 10.27.2.12 (VLAN 200) cannot ping 10.26.6.1 (VLAN 109) and 10.27.0.1 (VLAN 199) on the FWSM. Is this possible? </P><P></P><P>I already had this command applied to the FWSM. For the inside VLANS I can ping hosts on all the inside VLANS but cannot ping the default gateways for other inside vlans. Is this allowed on the FWSM?</P><P></P><P>same-security-traffic permit inter-interface </P><P></P><P></P><P></P></BODY></HTML> Fri, 31 Jul 2009 12:15:13 GMT colmgrier 2009-07-31T12:15:13Z https://community.cisco.com/t5/network-security/fwsm-permiting-traffic/m-p/1324910#M811920 <P>Current lab is setup with 3 VLANS 109,199,200 protected behind the FWSM. </P><P></P><P>Q1. Pc 10.27.2.12 (VLAN 200) cannot ping 10.26.6.1 (VLAN 109) and 10.27.0.1 (VLAN 199) on the FWSM. Is this possible?</P><P></P><P>Q2. Pc 10.27.2.12 (VLAN 200) cannot access the FWSM using ASDM software. Is this possible?</P><P></P><P>Please advise,</P><P></P><P>Regards,</P><P>C</P><P></P><P> </P><P></P> Mon, 11 Mar 2019 16:00:43 GMT https://community.cisco.com/t5/network-security/fwsm-permiting-traffic/m-p/1324910#M811920 colmgrier 2019-03-11T16:00:43Z https://community.cisco.com/t5/network-security/fwsm-permiting-traffic/m-p/1324911#M811921 <HTML><HEAD></HEAD><BODY><P>Colm, I have not play with fwsm but does have some similarities with asa's, I'll give this one a shot.</P><P></P><P>starting with the easy one.</P><P><B>Q2. Pc 10.27.2.12 (VLAN 200) cannot access the FWSM using ASDM software. Is this possible?</B></P><P></P><P>Allow admin access for that host on the fwsm to be able to access asdm</P><P><A class="jive-link-custom" href="http://www.cisco.com/en/US/partner/docs/security/fwsm/fwsm40/configuration/guide/mgacc_f.html#wp1047288" target="_blank">http://www.cisco.com/en/US/partner/docs/security/fwsm/fwsm40/configuration/guide/mgacc_f.html#wp1047288</A></P><P></P><P>e.i</P><P></P><P>fwsm(config)# http 10.27.2.12 255.255.255.255 <B>cm-servers</B></P><P></P><P></P><P><B>Q1. Pc 10.27.2.12 (VLAN 200) cannot ping 10.26.6.1 (VLAN 109) and 10.27.0.1 (VLAN 199) on the FWSM. Is this possible? </B></P><P></P><P>Vlan109 wireless interface, and vlan 200 cm-servers interface have same security level of 100, to enable communication between the two you need same sec traffic intra-interface.</P><P></P><P>same-security-traffic permit inter-interface </P><P></P><P><A class="jive-link-custom" href="http://www.cisco.com/en/US/docs/security/fwsm/fwsm40/configuration/guide/intfce_f.html#wp1059402" target="_blank">http://www.cisco.com/en/US/docs/security/fwsm/fwsm40/configuration/guide/intfce_f.html#wp1059402</A></P><P></P><P>Regards</P><P></P><P></P></BODY></HTML> Thu, 30 Jul 2009 17:29:58 GMT https://community.cisco.com/t5/network-security/fwsm-permiting-traffic/m-p/1324911#M811921 JORGE RODRIGUEZ 2009-07-30T17:29:58Z https://community.cisco.com/t5/network-security/fwsm-permiting-traffic/m-p/1324912#M811922 <HTML><HEAD></HEAD><BODY><P>Thanks Jorge for the reply.</P><P></P><P>Q1. Pc 10.27.2.12 (VLAN 200) cannot ping 10.26.6.1 (VLAN 109) and 10.27.0.1 (VLAN 199) on the FWSM. Is this possible? </P><P></P><P>I already had this command applied to the FWSM. For the inside VLANS I can ping hosts on all the inside VLANS but cannot ping the default gateways for other inside vlans. Is this allowed on the FWSM?</P><P></P><P>same-security-traffic permit inter-interface </P><P></P><P></P><P></P></BODY></HTML> Fri, 31 Jul 2009 12:15:13 GMT https://community.cisco.com/t5/network-security/fwsm-permiting-traffic/m-p/1324912#M811922 colmgrier 2009-07-31T12:15:13Z https://community.cisco.com/t5/network-security/fwsm-permiting-traffic/m-p/1324913#M811923 <HTML><HEAD></HEAD><BODY><P>As far as I know a host from one vlan where its L3 interface resides in the firewall cannot ping the default gateway of another vlan on the same firewall like you would in a non-firewall router .. this is the way it is on pix/asa and would expect the same behaviour-restriction in FWSM..</P><P></P><P>If I am mistaken on fwsm perhaps someone could correct.</P><P></P><P>Regards</P></BODY></HTML> Fri, 31 Jul 2009 16:05:05 GMT https://community.cisco.com/t5/network-security/fwsm-permiting-traffic/m-p/1324913#M811923 JORGE RODRIGUEZ 2009-07-31T16:05:05Z