12-24-2012 06:30 AM - edited 03-11-2019 05:40 PM
Dear Experts,
I have an FWSM running version 3.2(23), configured with interface VLANs, all having the same security level except the outside interface VLAN, which has security level 0. Both same-security-traffic permit inter-interface and same-security-traffic permit intra-interface are also configured. My problem is that when establishing sessions (I tried TCP only, using ssh and telnet, in addition to ping) from one specific VLAN (172.16.1.0/28) to another VLAN (172.16.1.16/28), I cannot see the established sessions in the "show xlate debug" output, although I can see these sessions in a capture. The two subnets are separate, two different /28s.
I can see the sessions established from the remaining interface VLANs with the same security level toward 172.16.1.16/28. My question is: what is the exception with the VLAN having this subnet 172.16.1.0/28? How can it reach the other VLAN with subnet 172.16.1.16/28 without showing anything in the xlate table? Do you think it is a bug? Please advise.
Regards
01-13-2013 11:05 AM
Do you have xlate-bypass configured?
http://www.cisco.com/en/US/docs/security/fwsm/fwsm32/command/reference/uw.html#wp1306953
-Kureli
https://supportforums.cisco.com/community/netpro/expert-corner#view=webcasts
Upcoming Live Webcast in English: January 15, 2013
Troubleshooting ASA and Firewall Service Modules
Register today: http://tools.cisco.com/squish/42F25
01-13-2013 11:23 PM
Thanks Kureli for your reply.
No, xlate bypass is not configured.
Regards
Red1
01-14-2013 10:55 AM
Red1,
Need to make sure the packets are arriving on the correct interface. Need to grab captures and the debug level syslogs at the same time. Hope you are not running into the xlate limitation of the module.
Pls. check the limitation link here:
http://www.cisco.com/en/US/docs/security/fwsm/fwsm32/configuration/guide/specs_f.html#wp1056716
-Kureli