01-24-2011 02:56 AM - edited 03-11-2019 12:39 PM
Hi,
I have the following scenario:
VLAN 1, 5, 10 etc. ---- Core 6500 MSFC ---- Vlan 2 ---- FWSM --- VLAN 4
Everything goes well except when I try to ping from vlan 4 to vlan 1 and vice-versa. All the connectivity between vlan 4 and all the internal vlans (5, 10 etc) is working perfectly.
Is there any known bug / issue when using vlan 1 to communicate with some other vlan behind a FWSM [4.0(13)]?
Regards,
Nuno
01-24-2011 02:20 PM
Can you run "debug icmp trace 255" when you ping between vlan 4 and vlan 1?
FWSM log and configuration file from both switch and FWSM might be helpful for us to identify if there is any configuration issue.
01-24-2011 02:59 PM
No. There isn't any known issue with vlan1 communication through the FWSM to another vlan. vlan1 is behind vlan 2 on the inside of the FWSM? Pings should work fine.
Do you have proper translation configured for this inside subnet?
Do you have icmp inspection enabled for the replies to come back automatically?
-KS
01-25-2011 07:06 AM
Hi KS,
Everything is fine with inspect and translations because I'm using the same rules between the vlan 4 and another internal vlan 100 for example!!!
01-24-2011 09:56 PM
Hello Nuno,
Unfortunately, you cannot use VLAN 1 for data forwarding through an FWSM:
http://www.cisco.com/en/US/docs/security/fwsm/fwsm32/configuration/guide/switch_f.html#wp1175848
Andrew
01-25-2011 07:03 AM
Hi Andrew,
This issue doesn't apply to my scenario!! The VLAN 1 is from the MSFC side and has nothing to do with FWSM as you can see from my first post. So I don't need to add it to the vlan-group at MSFC.
01-25-2011 07:07 AM
Correct. Your topology is supported.
What is not supported is this:
inside hosts--vlan1--FWSM--vlan4--MSFC
Check the logs and see what it shows when you try to connect from a host on vlan1 to the outside through the FWSM.
-KS