03-06-2009 05:38 AM - edited 03-11-2019 08:01 AM
Hi
I'm having a strange issue with a FWSM.
It has 4 networks (inside, outside, dmz 1-2).
When I try to connect to an inside host from outside, the FWSM denies the connection attempt, but the rule configured permits this traffic.
But when I connect from the inside host to the outside host, traffic that was denied before is now permitted. I have modified antispoofing and others, but that doesn't fix it.
03-12-2009 11:43 AM
If the traffic does not pass through the FWSM:
Possible Cause: The VLANs are not configured on the switch or are not assigned to the FWSM.
Recommended Action: Configure the VLANs and assign them to the FWSM according to the steps mentioned here:
http://www.cisco.com/en/US/docs/security/fwsm/fwsm31/configuration/guide/switch_f.html#wpxref34592
03-12-2009 12:15 PM
Sounds like you may have a NAT issue, i.e. when you connect from inside to outside you build a translation that can then be used from outside to inside.
Could you post the relevant portions of config for the NAT? Also, could you detail the source and destination addresses on the inside and outside?
Jon
03-19-2009 02:23 AM
Hi Jon
Yes... the 'nat-control' command was enabled. I disabled it and now it works.