Re: PING between Inside to Outsiide in FWSM

CSCO10320953 · ‎12-08-2008

Hi,

I am unable to ping from inside vlan100 interface 10.X.x.x to outside vlan 2interface 10.x.x.x in the FWSM.What is the problem and give the idea.

Jon Marshall · ‎12-08-2008

It could be quite a few things but the first thing to check is that the FWSM behaves slightly differently than pix or ASA firewalls.

On pix and asa firewalls traffic is allowed by default from a higher to a lower security interface. This is not the case with the FWSM, you need an access-list on the inside interface that allows the traffic.

Jon

CSCO10320953 · ‎12-08-2008

HI,

access list is also done

Jon Marshall · ‎12-08-2008

Where are you pinging from and where are you pinging to ?

Have you configured NAT ?

Jon

CSCO10320953 · ‎12-08-2008

After giving no nat control command ,its ping

Thanks lot

Jon Marshall · ‎12-08-2008

Okay, it would help if you could perhaps give a bit more info than just a quick sentence.

What is the device you are running the ping command on ?

What is the destination device you are pinging to ?

Are both your vlan interfaces on the FWSM in the up/up state ?

Jon

CSCO10320953 · ‎12-08-2008

What is the device you are running the ping command on ?

4509 switch

What is the destination device you are pinging to ?

7500 series router

Are both your vlan interfaces on the FWSM in the up/up state ?

yes

Jon Marshall · ‎12-08-2008

Can you post config of

1) FWSM

2) 6500 switch which includes the "sh firewall vlan-group" command

Is the FWSM in single or multi context.

Is the FWSM in transparent or routed mode.

Jon