<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" version="2.0">
  <channel>
    <title>topic Re: FWSM context in Network Security</title>
    <link>https://community.cisco.com/t5/network-security/fwsm-context/m-p/1342942#M824179</link>
    <description>&lt;HTML&gt;&lt;HEAD&gt;&lt;/HEAD&gt;&lt;BODY&gt;&lt;PRE __jive_macro_name="quote" class="jive_text_macro jive_macro_quote"&gt;&lt;P&gt;&lt;A class="jive-link-email-small" href="mailto:faizm@sejeltech.com"&gt;faizm@sejeltech.com&lt;/A&gt;&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P style="text-align: left;"&gt;Hi NetGurus,&lt;/P&gt;&lt;P&gt;I have configured 2 contexts called backend and frontend. I have given a default route on both the contexts to reach the SVI on the 6509 switch. I am only able to reach the SVI IP from both contexts and vice versa. But I am unable to ping any other VLANs created on both the contexts from the MSFC (the SVI). I have configured only one SVI on the switch and used that as the outside VLAN on both the contexts. I have also enabled the ICMP permit command as well. What am I missing? Thanks in advance for all.&lt;/P&gt;&lt;P&gt;Regards&lt;/P&gt;&lt;P&gt;MFM&lt;/P&gt;&lt;/PRE&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;MFM&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;Couple of things&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;1) When you say you cannot ping any other VLANs - do you mean the VLAN interface on the FWSM or hosts on that VLAN protected by the FWSM? If you mean the interface then you can't, because this is a security feature of the FWSM.&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;2) If you mean hosts then you need to check 2 things&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;i) Have you allowed the traffic through with an ACL? Be aware that with the FWSM you do not just need an ACL for lower to higher security interface (which is standard for all Cisco firewalls) but you also need an ACL for higher to lower as well. Alternatively you can enable ICMP inspection on the FWSM.&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;ii) Do you have routes on the MSFC telling it how to get to the VLANs protected by the FWSM?&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;Jon&lt;/P&gt;&lt;/BODY&gt;&lt;/HTML&gt;</description>
    <pubDate>Sat, 21 Nov 2009 11:41:00 GMT</pubDate>
    <dc:creator>Jon Marshall</dc:creator>
    <dc:date>2009-11-21T11:41:00Z</dc:date>
    <item>
      <title>FWSM context</title>
      <link>https://community.cisco.com/t5/network-security/fwsm-context/m-p/1342941#M824161</link>
      <description>&lt;P style="text-align: left;"&gt;Hi NetGurus,&lt;/P&gt;&lt;P&gt;I have configured 2 contexts called backend and frontend. I have given a default route on both the contexts to reach the SVI on the 6509 switch. I am only able to reach the SVI IP from both contexts and vice versa. But I am unable to ping any other VLANs created on both the contexts from the MSFC (the SVI). I have configured only one SVI on the switch and used that as the outside VLAN on both the contexts. I have also enabled the ICMP permit command as well. What am I missing? Thanks in advance for all.&lt;/P&gt;&lt;P&gt;Regards&lt;/P&gt;&lt;P&gt;MFM&lt;/P&gt;</description>
      <pubDate>Mon, 11 Mar 2019 16:41:19 GMT</pubDate>
      <guid>https://community.cisco.com/t5/network-security/fwsm-context/m-p/1342941#M824161</guid>
      <dc:creator>Mohammed Faiz Mohiuddin</dc:creator>
      <dc:date>2019-03-11T16:41:19Z</dc:date>
    </item>
    <item>
      <title>Re: FWSM context</title>
      <link>https://community.cisco.com/t5/network-security/fwsm-context/m-p/1342942#M824179</link>
      <description>&lt;HTML&gt;&lt;HEAD&gt;&lt;/HEAD&gt;&lt;BODY&gt;&lt;PRE __jive_macro_name="quote" class="jive_text_macro jive_macro_quote"&gt;&lt;P&gt;&lt;A class="jive-link-email-small" href="mailto:faizm@sejeltech.com"&gt;faizm@sejeltech.com&lt;/A&gt;&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P style="text-align: left;"&gt;Hi NetGurus,&lt;/P&gt;&lt;P&gt;I have configured 2 contexts called backend and frontend. I have given a default route on both the contexts to reach the SVI on the 6509 switch. I am only able to reach the SVI IP from both contexts and vice versa. But I am unable to ping any other VLANs created on both the contexts from the MSFC (the SVI). I have configured only one SVI on the switch and used that as the outside VLAN on both the contexts. I have also enabled the ICMP permit command as well. What am I missing? Thanks in advance for all.&lt;/P&gt;&lt;P&gt;Regards&lt;/P&gt;&lt;P&gt;MFM&lt;/P&gt;&lt;/PRE&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;MFM&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;Couple of things&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;1) When you say you cannot ping any other VLANs - do you mean the VLAN interface on the FWSM or hosts on that VLAN protected by the FWSM? If you mean the interface then you can't, because this is a security feature of the FWSM.&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;2) If you mean hosts then you need to check 2 things&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;i) Have you allowed the traffic through with an ACL? Be aware that with the FWSM you do not just need an ACL for lower to higher security interface (which is standard for all Cisco firewalls) but you also need an ACL for higher to lower as well. Alternatively you can enable ICMP inspection on the FWSM.&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;ii) Do you have routes on the MSFC telling it how to get to the VLANs protected by the FWSM?&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;Jon&lt;/P&gt;&lt;/BODY&gt;&lt;/HTML&gt;</description>
      <pubDate>Sat, 21 Nov 2009 11:41:00 GMT</pubDate>
      <guid>https://community.cisco.com/t5/network-security/fwsm-context/m-p/1342942#M824179</guid>
      <dc:creator>Jon Marshall</dc:creator>
      <dc:date>2009-11-21T11:41:00Z</dc:date>
    </item>
  </channel>
</rss>

