https://community.cisco.com/t5/network-security/can-t-ping-fwsm-with-basic-configuration/m-p/1193161#M859577 <P>Hi, </P><P></P><P>We just installed our new FWSM and attempted to upgrade ASDM. From the 6500, we can session into the FWSM but we <B>CAN'T</B> ping to it. Can anyone point out our configuration mistakes? </P><P></P><P>6500 running 12.2(33)SXH4:</P><P>&lt;font face="courier"&gt;</P><P>interface vlan 400</P><P> ip address 10.4.4.3 255.255.255.248</P><P> no shutdown</P><P>&lt;/font&gt;</P><P>FWSM: </P><P>&lt;font face="courier"&gt;</P><P>hostname FWSM</P><P>names</P><P>!</P><P>interface Vlan400</P><P> nameif inside</P><P> security-level 0</P><P> ip address 10.4.4.1 255.255.255.248 </P><P>!</P><P>ftp mode passive</P><P>access-list inside extended permit ip any any </P><P>pager lines 24</P><P>mtu inside 1500</P><P>no failover</P><P>no asdm history enable</P><P>arp timeout 14400</P><P>nat-control</P><P>access-group inside in interface inside</P><P>access-group inside out interface inside</P><P>route inside 0.0.0.0 0.0.0.0 10.4.4.3 1</P><P>timeout xlate 3:00:00</P><P>timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02</P><P>timeout sunrpc 0:10:00 h323 1:00:00 h225 1:00:00 mgcp 0:05:00</P><P>timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00</P><P>timeout uauth 0:05:00 absolute</P><P>snmp-server enable traps snmp authentication linkup linkdown coldstart</P><P>telnet timeout 5</P><P>ssh timeout 5</P><P>console timeout 0</P><P>!</P><P>class-map inspection_default</P><P> match default-inspection-traffic</P><P>!</P><P>!</P><P>policy-map global_policy</P><P> class inspection_default</P><P> inspect dns maximum-length 512 </P><P> inspect ftp </P><P> inspect h323 h225 </P><P> inspect h323 ras </P><P> inspect netbios </P><P> inspect rsh </P><P> inspect skinny </P><P> inspect smtp </P><P> inspect sqlnet </P><P> inspect sunrpc </P><P> inspect tftp </P><P> inspect sip </P><P> inspect xdmcp </P><P>!</P><P>service-policy global_policy global</P><P>prompt hostname context </P><P>Cryptochecksum:7c5bd4abd770cb0bb0014b584ec0c913</P><P>&lt;/font&gt;</P><P>Thanks. </P> Mon, 11 Mar 2019 15:38:25 GMT Leo Laohoo 2019-03-11T15:38:25Z https://community.cisco.com/t5/network-security/can-t-ping-fwsm-with-basic-configuration/m-p/1193161#M859577 <P>Hi, </P><P></P><P>We just installed our new FWSM and attempted to upgrade ASDM. From the 6500, we can session into the FWSM but we <B>CAN'T</B> ping to it. Can anyone point out our configuration mistakes? </P><P></P><P>6500 running 12.2(33)SXH4:</P><P>&lt;font face="courier"&gt;</P><P>interface vlan 400</P><P> ip address 10.4.4.3 255.255.255.248</P><P> no shutdown</P><P>&lt;/font&gt;</P><P>FWSM: </P><P>&lt;font face="courier"&gt;</P><P>hostname FWSM</P><P>names</P><P>!</P><P>interface Vlan400</P><P> nameif inside</P><P> security-level 0</P><P> ip address 10.4.4.1 255.255.255.248 </P><P>!</P><P>ftp mode passive</P><P>access-list inside extended permit ip any any </P><P>pager lines 24</P><P>mtu inside 1500</P><P>no failover</P><P>no asdm history enable</P><P>arp timeout 14400</P><P>nat-control</P><P>access-group inside in interface inside</P><P>access-group inside out interface inside</P><P>route inside 0.0.0.0 0.0.0.0 10.4.4.3 1</P><P>timeout xlate 3:00:00</P><P>timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02</P><P>timeout sunrpc 0:10:00 h323 1:00:00 h225 1:00:00 mgcp 0:05:00</P><P>timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00</P><P>timeout uauth 0:05:00 absolute</P><P>snmp-server enable traps snmp authentication linkup linkdown coldstart</P><P>telnet timeout 5</P><P>ssh timeout 5</P><P>console timeout 0</P><P>!</P><P>class-map inspection_default</P><P> match default-inspection-traffic</P><P>!</P><P>!</P><P>policy-map global_policy</P><P> class inspection_default</P><P> inspect dns maximum-length 512 </P><P> inspect ftp </P><P> inspect h323 h225 </P><P> inspect h323 ras </P><P> inspect netbios </P><P> inspect rsh </P><P> inspect skinny </P><P> inspect smtp </P><P> inspect sqlnet </P><P> inspect sunrpc </P><P> inspect tftp </P><P> inspect sip </P><P> inspect xdmcp </P><P>!</P><P>service-policy global_policy global</P><P>prompt hostname context </P><P>Cryptochecksum:7c5bd4abd770cb0bb0014b584ec0c913</P><P>&lt;/font&gt;</P><P>Thanks. </P> Mon, 11 Mar 2019 15:38:25 GMT https://community.cisco.com/t5/network-security/can-t-ping-fwsm-with-basic-configuration/m-p/1193161#M859577 Leo Laohoo 2019-03-11T15:38:25Z https://community.cisco.com/t5/network-security/can-t-ping-fwsm-with-basic-configuration/m-p/1193162#M859580 <HTML><HEAD></HEAD><BODY><P>Looks like you need the "icmp permit any inside". You also need to make sure you are passing the vlans to the FWSM from the switch. You can do this with the command "firewall vlan-group 1 vlan 400" and "firewall module <MODULE> group 1".</MODULE></P><P></P></BODY></HTML> Tue, 02 Jun 2009 04:29:08 GMT https://community.cisco.com/t5/network-security/can-t-ping-fwsm-with-basic-configuration/m-p/1193162#M859580 plumbis 2009-06-02T04:29:08Z https://community.cisco.com/t5/network-security/can-t-ping-fwsm-with-basic-configuration/m-p/1193163#M859586 <HTML><HEAD></HEAD><BODY><P>Hi Pete, </P><P>Thanks for the quick response. I forgot to include the following lines in my initial post: </P><P><FONT face="courier"></FONT></P><P>firewall module 9 vlan-group 1,</P><P>firewall vlan-group 1 400</P></BODY></HTML> Tue, 02 Jun 2009 04:39:48 GMT https://community.cisco.com/t5/network-security/can-t-ping-fwsm-with-basic-configuration/m-p/1193163#M859586 Leo Laohoo 2009-06-02T04:39:48Z https://community.cisco.com/t5/network-security/can-t-ping-fwsm-with-basic-configuration/m-p/1193164#M859598 <HTML><HEAD></HEAD><BODY><P>Thanks Pete. Problem rectified. +5 from me.</P></BODY></HTML> Tue, 02 Jun 2009 04:52:46 GMT https://community.cisco.com/t5/network-security/can-t-ping-fwsm-with-basic-configuration/m-p/1193164#M859598 Leo Laohoo 2009-06-02T04:52:46Z