06-04-2015 12:57 PM - edited 03-11-2019 11:03 PM
I have a firewall service module in a 6500. Lately traffic from lower interfaces within the LAN is not forwarded to the higher interface. Created a capture and I can see traffic on the ingress interface and it's not forwarded on the egress interface.
I have no nat control enabled on the firewall. I don't have a nat exempt for traffic that is not an outside connection.
Configs have been working and now this issue started.
I have created static nat to solve the issue as a temporary measure. I would like to find a permanent solution for this, please share some ideas.
06-05-2015 01:45 AM
Hi,
I think as you were able to see the traffic incoming and not going out from the FWSM, I think first steps should be to check the debugging syslog on the FWSM and see the reason for the packet to be dropped.
Also, to verify, can you post the NAT configuration and the requirement with IP Addresses?
Thanks and Regards,
Vibhor Amrodia
06-08-2015 12:13 PM
Hi Vibhor,
I always had the command below allowing all connections to pass without natting
FWSM/contcorp# sh run all | i no nat
no nat-control
 
Now I have to create static nat to allow traffic as below
static (inside,finance) 172.28.16.27 172.28.16.27 netmask 255.255.255.255 tcp 2000 0
Some of the connections are not passed through the firewall even if I exempt it from nat.
This is the problem I'm facing lately on the FWSM Firewall Version 4.1. Haven't found any documentation with this issue and solution.