Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
978
Views
0
Helpful
2
Replies

FWSM strange Issue - not passing traffic through firewall

Go to solution
pemasirid
Level 1
Level 1

‎05-04-2011 03:28 AM - edited ‎03-11-2019 01:29 PM

Hi,

We have 2 FWSM modules in each 6500 switches. 1st module is having 04 firewall vlan groups with 18 vlan interfaces in a single context firewall. All are working fine with no issues. Recently we create one more vlan on MFSC and add into the same firewall module. However newly created vlan inside the FW is not able to communicate with outside and also outside users not able to reach newly created subnet. But within the firewall zones (other interfaces) it can communicate. Once we did packet capture we noticed that its hitting firewall outside interface only and when we ping we got TTL expired error. we have default routes to outside and there's no any route inside as new segment is within the firewall (no any hop).

Appreciate if some one can give any hint on this. I guess there's no limitation on number of vlans that we can assign on one firewall eventhough there is a limitation for number of vlan-group which is 16 max (but we are within that limit).

thanks in advance..

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
golly_wog
Level 1
Level 1

‎05-16-2011 09:30 AM

Hey

Sounds like you have a routing issue (as you mentioned the TTL expires)

Can you give us a show ip route from the MSFC and a show route from the FWSM please? (even better wouyld be a full show run from the fwsm)

thanks

View solution in original post

0 Helpful
2 Replies 2

Go to solution
golly_wog
Level 1
Level 1

‎05-16-2011 09:30 AM

Hey

Sounds like you have a routing issue (as you mentioned the TTL expires)

Can you give us a show ip route from the MSFC and a show route from the FWSM please? (even better wouyld be a full show run from the fwsm)

thanks

0 Helpful

Go to solution
pemasirid
Level 1
Level 1
In response to golly_wog

‎05-16-2011 11:23 PM

Hi,

Actually the issue was dissapered after remoing the vlan from the firewall group and re-applying the configuration. I'm still not able to find the root cause, however I'm suspecting a bug since the running code is 3.1.

Has anybody come across such issue or found any bug related on this..?


Regards,

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card