Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
640
Views
3
Helpful
1
Replies

FWSM context

Mohammed Faiz Mohiuddin
Level 1
Level 1

‎11-20-2009 11:32 PM - edited ‎03-11-2019 09:41 AM

Hi NetGurus,

I have configured 2 contexes called backend and frontend. I have given a default route on both the contexes to reach the SVI on the 6509 switch. I am only able to reach

the SVI IP from the both context and vice versa. But i am unable to ping any other VLAN's created on both the contexts from the MSFC (the SVI). I have configured only

one SVI on the switch and used that as outside VLAN on both the contexts. I have also enabled ICMP permit command as well. What am i missing. Thanks in advance for all.

Regards

MFM

Labels:
0 Helpful
1 Reply 1

Jon Marshall
Hall of Fame
Hall of Fame

‎11-21-2009 03:41 AM 

faizm@sejeltech.com
Hi NetGurus,
I have configured 2 contexes called backend and frontend. I have given a default route on both the contexes to reach the SVI on the 6509 switch. I am only able to reach
the SVI IP from the both context and vice versa. But i am unable to ping any other VLAN's created on both the contexts from the MSFC (the SVI). I have configured only
one SVI on the switch and used that as outside VLAN on both the contexts. I have also enabled ICMP permit command as well. What am i missing. Thanks in advance for all.
Regards
MFM

MFM

Couple of things

1) when you say you cannot ping any other vlans - do you mean the vlan interface on the FWSM or hosts on that vlan protected by the FWSM. If you mean the interface then you can't because this is a security feature of the FWSM

2) If you mean hosts then you need to check 2 things

i) have you allowed the traffic through with an acl. Be aware that with the FWSM you do not just need an acl for lower to higher security interface (which is standard for all Cisco firewalls) but you also need an acl for higher to lower as well. Alternatively you can enable ICMP inspection on the FWSM

ii) Do you have routes on the MSFC telling it how to get to the vlans protected by the FWSM ?

Jon

Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card