https://community.cisco.com/t5/network-security/contexts-on-fwsm/m-p/1103533#M914391 <HTML><HEAD></HEAD><BODY><P>Glenn</P><P></P><P>Could you post a jpeg instead of a visio ?</P><P></P><P>Jon</P></BODY></HTML> Mon, 18 Aug 2008 18:55:11 GMT Jon Marshall 2008-08-18T18:55:11Z https://community.cisco.com/t5/network-security/contexts-on-fwsm/m-p/1103532#M914390 <P>Hello</P><P>I have the following problem</P><P></P><P>I am working with security contexts on a FWSM installed on a cat 6500</P><P>(I strongly recommend that you take a look at the topology diagram at this point)</P><P></P><P>My problem is that I can't make server SIRE_APP located on DMZ_SIRE</P><P>to communicate with any other host on any other VLAN UNLESS</P><P>i manually configure the VLANS I want to communicate with on the CAT 6500 </P><P></P><P>for instance....</P><P></P><P>In order for server SIRE_APP (172.29.2.5) (VLAN 11 --&gt;172.29.2.0) to communicate with server DNSin (172.29.1.2) (VLAN4 --&gt;172.29.1.0)</P><P>i have to manually enter the following lines on the CAT 6500</P><P></P><P></P><P>++++++++++++++++++++++++++++++++++++++++++++++++++++++++++</P><P>interface Vlan11</P><P> description DMZ_SIRE (configured on context EXTRA)</P><P> ip address 172.29.2.254 255.255.255.0</P><P> no shutdown</P><P></P><P>interface Vlan4</P><P> description DMZ (configured on context EXTRA)</P><P> ip address 172.29.1.254 255.255.255.0</P><P> no shutdown</P><P>+++++++++++++++++++++++++++++++++++++++++++++++++++++++++</P><P></P><P></P><P>Then I have to manually change the SIRE_APP server's default gateway to point to</P><P>ip 172.29.2.254 (vlan 11) configured on the CAT 6500 instead of pointing</P><P>to the ip 172.29.2.1 (configured as an interface on contect EXTRA)</P><P></P><P>BUT if I do this ALL other hosts on ANY other vlans can't communicate with servers on the DMZ (VLAN4)</P><P></P><P>Meanwhile.... </P><P>NONE of this is (or was necessary) in order for servers on VALN 4</P><P>DNSin, OASin to communicate with hosts on any other VLANS</P><P></P><P>I have setup CAPTURES (raw-data &amp; asp-drop types) but the problem is not an access-list, I have try several NATs but still the same...</P><P></P><P></P><P>I have attached the run config for context EXTRA, context INTRA and context system (CONTEXTS.txt)</P><P>and relevan info on the running-config for the CAT 6500 (CAT 6500 with changes)</P><P></P><P>I'll appreciate any help on this issue</P><P></P><P>Glenn</P><P></P><P></P><P> </P><P></P> Mon, 11 Mar 2019 13:32:25 GMT https://community.cisco.com/t5/network-security/contexts-on-fwsm/m-p/1103532#M914390 glenn.guzman 2019-03-11T13:32:25Z https://community.cisco.com/t5/network-security/contexts-on-fwsm/m-p/1103533#M914391 <HTML><HEAD></HEAD><BODY><P>Glenn</P><P></P><P>Could you post a jpeg instead of a visio ?</P><P></P><P>Jon</P></BODY></HTML> Mon, 18 Aug 2008 18:55:11 GMT https://community.cisco.com/t5/network-security/contexts-on-fwsm/m-p/1103533#M914391 Jon Marshall 2008-08-18T18:55:11Z https://community.cisco.com/t5/network-security/contexts-on-fwsm/m-p/1103534#M914392 <HTML><HEAD></HEAD><BODY><P>You don't have a static from DMZ_SIRE to DMZ configured. </P><P></P><P>Are you getting xlate errors in the log of extra or the admin context?</P><P></P><P>Try adding a static and pinging.</P></BODY></HTML> Mon, 18 Aug 2008 19:52:42 GMT https://community.cisco.com/t5/network-security/contexts-on-fwsm/m-p/1103534#M914392 a-ford 2008-08-18T19:52:42Z