Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1014
Views
0
Helpful
5
Replies

Issue with the Logs in FWSM

Yasir Muhammed Tameez
Level 1
Level 1

‎12-20-2011 04:07 AM - edited ‎03-11-2019 03:04 PM

We deplyed FWSM around 3 months ago.

We are still in a process of transferring our servers VLANs from MSFC to FWSM.

Just yesterday I saw very unusual log in fwsm. I hope i can explain to you.

We have one Zone inside the FWSM which is for Symentac Servers( 10.0.71.0/24) zone name is NW-servers

We have one subnet which is on MSFC or in simple way outside FWSM interface. (10.0.4.0/24)

I applied the following rule

Anything from 10.0.4.0/24 should be allowed to NW-Servers (10.0.71.0/24)  ( Pls note that it is out going rule)

FWSM Rule.png

But when i enable logs on that specific rule then i found the below logs

FWSM Log.png

Now the strange thing is that why i am seeing 10.0.4.26 as my destination in the log because the rule itself is not configured like it.

Also we noted that the packet is with ICMP using port 3.

just for your information 10.0.4.26 is VMware ESX Host and it is using our SAN storage.

I hope i expalined you guys very well.

Can any expert help me out with it?

Thanks

Regards,

Yasir

Labels:
0 Helpful
5 Replies 5

Yasir Muhammed Tameez
Level 1
Level 1

‎12-24-2011 02:47 AM

any help pls.

0 Helpful

andrey.dugin
Level 1
Level 1
In response to Yasir Muhammed Tameez

‎12-25-2011 12:58 PM

ICMP type 3 are messages generated by router in case of destination unreachable.

Your servers try to connect to internet-servers directly but it may be impossible by network configuration.

0 Helpful

Yasir Muhammed Tameez
Level 1
Level 1
In response to andrey.dugin

‎12-25-2011 11:28 PM

Thanks for the reply Andrey.

I know ICMP type 3 is a destination unreachable message but it shouldn't be comming under this specific rule because my rule is only for the traffic orignating from 10.0.4.0/23 & going to 10.0.71.0/24 but logs are giving me some different strange ouput.

I think ASDM is not filtering it well , might be some bug.

0 Helpful

andrey.dugin
Level 1
Level 1
In response to Yasir Muhammed Tameez

‎12-26-2011 02:10 AM

May you show your access-list on OUTSIDE interface and NAT rules?

0 Helpful

Yasir Muhammed Tameez
Level 1
Level 1
In response to andrey.dugin

‎12-26-2011 03:10 AM

We have any any on the outside interface because we are still preparing the policy after checking the Logs.

Actually this FWSM is on Data center Core & we recently deployed it.

We also have no Nating enable on FWSM.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card