Buy or Renew
Buy or Renew
NEW! Stay up-to-date on Cisco Secure Access: Software Release Notes and Announcements
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
806
Views
0
Helpful
6
Replies

Between FWSM and vlan1 at 6500

Go to solution
nuno.santos
Level 1
Level 1

‎01-24-2011 02:56 AM - edited ‎03-11-2019 12:39 PM

Hi,

I have the following scennario:

VLAN 1, 5, 10 etc. ---- Core 6500 MSFC ---- Vlan 2 ---- FWSM --- VLAN 4

Everything goes well except when i try to ping from vlan 4 to vlan 1 and vice-versa. All the connectivity between vlan 4 and all the internal vlans (5, 10 etc) are working perfectly.

Is there any known bug / issue when using vlan 1 to communicate with some other vlan behind a FWSM [4.0(13)]?

Regards,

Nuno

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Andrew Ossipov
Cisco Employee
Cisco Employee

‎01-24-2011 09:56 PM

Hello Nuno,

Unfortunately, you cannot use VLAN 1 for data forwarding through an FWSM:

http://www.cisco.com/en/US/docs/security/fwsm/fwsm32/configuration/guide/switch_f.html#wp1175848

Andrew

View solution in original post

0 Helpful
6 Replies 6

Go to solution
Yudong Wu
Level 7
Level 7

‎01-24-2011 02:20 PM

can you run "debug icmp trace 255" when you ping between vlan 4 and vlan 1?

FWSM log and configuration file from both switch and FWSM might be helpful for us to identify if there is any configuration issue.

0 Helpful

Go to solution
Kureli Sankar
Cisco Employee
Cisco Employee
In response to Yudong Wu

‎01-24-2011 02:59 PM

NO. there isn't any known issue with vlan1 communication through the FWSM to another vlan. vlan1 is behind vlan 2 on the inside of the FWSM? pings should work fine.

Do you have proper translation configured for this inside subnet?

Do you have icmp inspection enabled for the replies to come back automatically?

-KS

0 Helpful

Go to solution
nuno.santos
Level 1
Level 1
In response to Kureli Sankar

‎01-25-2011 07:06 AM

Hi KS,

everything is fine with inspect and translations because i'm using the same rules between the vlan 4 and another internal vlan 100 for example!!!

0 Helpful

Go to solution
Andrew Ossipov
Cisco Employee
Cisco Employee

‎01-24-2011 09:56 PM

Hello Nuno,

Unfortunately, you cannot use VLAN 1 for data forwarding through an FWSM:

http://www.cisco.com/en/US/docs/security/fwsm/fwsm32/configuration/guide/switch_f.html#wp1175848

Andrew

0 Helpful

Go to solution
nuno.santos
Level 1
Level 1
In response to Andrew Ossipov

‎01-25-2011 07:03 AM

Hi Andrew,

This issue doesn't apply to my scenario!! The VLAN 1 is from the MSFC side and has nothing to do with FWSM as you can see from my first Post. So i don't need to add it to the vlan-group at MSFC.

0 Helpful

Go to solution
Kureli Sankar
Cisco Employee
Cisco Employee
In response to nuno.santos

‎01-25-2011 07:07 AM

Correct. Your topology is supported.

what is not supported is this:

inside hosts--vlan1--FWSM--vlan4--MSFC

Check the logs and see what it shows when you try to connect from a host on vlan1 to the outside through the FWSM.

-KS

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card