Fwsm not forwarding traffic

Sithembiso Nhlozi · ‎06-04-2015

I have a firewall service module in a 6500. Lately traffic from lower interfaces within the LAN is not forwarded to higher interface. Created a capture and I can see traffic on the ingress interface and its not forwarded on the egress interface.

I have no nat control enabled on the firewall. I don't have a nat exempt for traffic that is not an outside connection.

configs have been working and now this issue started.

I have created static nat to solve the issue as a temporal mesure. I would like to find a permanent solution for this, please share some ideas.

Vibhor Amrodia · ‎06-05-2015

Hi,

I think as you were able to see the traffic incoming and not going out from the FWSM , I think first steps should be to check the debugging syslog on the FWSM and see the reason for the packet to be dropped.

Also , to verify , can you post the NAT configuration and the requirement with IP Addresses ?

Thanks and Regards,

Vibhor Amrodia

Sithembiso Nhlozi · ‎06-08-2015

Hi Vibhor,

I always had the command below allowing all connections to pass without natting

FWSM/contcorp# sh run all | i no nat
no nat-control

Now I have to create static nat to allow traffic as below

static (inside,finance) 172.28.16.27 172.28.16.27 netmask 255.255.255.255 tcp 2000 0

Some of the connections are not passed though the firewaal even if I exempt it from nat.

This is the problem I'm facing lateley on the FWSM Firewall Version 4.1. Haven't found any documantation with this issue and solution