topic Re: FWSM - Ping Working but NO TCP Connection in Network Security

FWSM - Ping Working but NO TCP Connection

manuadoor — Mon, 11 Mar 2019 16:05:10 GMT

I have two interfaces, vlan 45 and vlan 46.

vlan 45 have a security level of 30 and vlan 46 have 25.

I have a server running on vlan 46, I can ping from the server connected in vlan 45.

I have applied "permit ip any any" in both the interfaces in "IN" direction. but when I could not telnet from the server in vlan 45 to vlan 46.

I put a capture in the interface vlan 45, when I ping I can see packets, I cant see any packets when I telnet (or any other TCP).

ultimately I can get any TCP session to vlan 46 from 45.

Any inputs are appreciated.

Re: FWSM - Ping Working but NO TCP Connection

r.poblete — Wed, 12 Aug 2009 03:53:09 GMT

Hi,

Could you post your config.

Thanks,

Robert

Re: FWSM - Ping Working but NO TCP Connection

manuadoor — Wed, 12 Aug 2009 08:18:32 GMT

Please ignore the vlans specified in the previous post, The Original Vlans are Vlan16 (intranet) and Vlan24 (EMS_VLAN), Traffic flow is

PC1->[vlan16->FWSM->vlan24]->PC2

Both Vlan 16 and Vlan 24 is created on FWSM. ping is successful from PC1 to PC2. But when you telnet from PC1 to PC2, not gettig, Access list is "permit ip any any" in both the interfaces of Vlan16 and Vlan24.

Re: FWSM - Ping Working but NO TCP Connection

manuadoor — Thu, 13 Aug 2009 23:35:03 GMT

It has been solved as the problem was in the ingress network. Thanks for your help. Hoever it will be great for me if I get ant good docs on FWSM. Already we have another problem of xlate that is not building any connections.. At times when we clear the Xlate, it will start working

Re: FWSM - Ping Working but NO TCP Connection

Kevin Redmon — Fri, 14 Aug 2009 00:44:12 GMT

When addressing any issues with xlates, the best command to consider is 'show xlate detail | inc '. Try this command for both the source and destination IP address. Compare the output of this command with the expected interfaces for ingress and egress. If you are still not sure which xlate is the problem, you can parse through the 'clear xlate ?' command to clear individual xlates.

Once you determine which xlate is the problem, be sure to investigate all routes, nat/global pairs, and static statements for accuracy.

You can find all FWSM documentation (configuration guides and command references) via the link below:

http://www.cisco.com/en/US/products/hw/modules/ps2706/ps4452/tsd_products_support_model_home.html