FWSM Problem

mohamednselim · ‎06-12-2012

Dear all,

i have a problem

all my user vlans are on the core it self , but the servers vlans are on the fwsm, when 2 servers are in the same vlan they can work perfectly , but there is a delay and sometimes packet drops when a server on vlan try to communicate with other server in other vlan,

my access lists is permit ip any any so all the tracffic sould pass normally between them ,

for example when im on a server in vlan 100 and remote desktop on other server in the same vlan it took less than a sec and im on the other server.

but when a server on vlan 100 remote desktop on server on vlan 99 it may took up tp 30 sec or so to connect and also when the 2 servers in differ vlans try to gett data from eachother sometimes it took time sometimes it gives error as it cant be reached and will try to connect again.

pinging is working fine no problem.

fwsm is router not trasparent.

Servers are microsoft mail server and domain controller server.

If i make it transparent will it solve this problem ?

and if i issue the command firewall transparent should i need a downtime , or everything will work normally ??

Im not good with Security so help and if you need any more info let me know.

Thanks.

Ramraj Sivagnanam Sivajanam · ‎08-22-2012

Changing your Cisco FWSM mode to transparent isn't the best way forward. You don't want to solve one problem and create 100 more problems. This is because Cisco FWSM in transparent mode has its' limitations.

This issue could be due to many reasons e.g. software bug on either Cat6K or FWSM, hardware performance such as high CPU/Memory utilization and LAN issues such as ARP, port speed/duplex etc.

Warm regards,
Ramraj Sivagnanam Sivajanam