Routing on FWSM

Irfan Salam
Level 1

I have the following setup (FWSM in a Cisco 7609).

Both FWSM interfaces are at security level 0.

The following commands are configured too:

"same-security-traffic permit inter-interface"

"route if_outside 0.0.0.0 0.0.0.0 10.1.90.5"

Picture1.png

I am unable to understand which firewall rule is producing the following result.

From MSFC:

  • ping 10.1.90.4 ---> OK
  • ping 10.1.90.12 ---> OK
  • ping 10.1.90.4 source loopback 0 ---> OK
  • ping 10.1.90.12 source loopback 0 ---> no reply (why?)
    • and the ASDM message "No route to 202.92.25.254 from 10.1.90.12"

Then I added a route:

"route if_inside 202.92.25.254 255.255.255.255 10.1.90.14"

So,

  • ping 10.1.90.12 source loopback 0 ---> OK

Could anyone help me understand why the default route was not used?


Jennifer Halim
Cisco Employee

Pinging across the FWSM interfaces is not supported. You won't be able to ping the inside interface of the FWSM when the ping is coming from the outside interface.

You can only ping the interface where the traffic is coming from, i.e. if it's routing via the Outside interface, you can only ping the Outside interface, not the Inside interface, and vice versa: if it's routing via the Inside interface, you can only ping the Inside interface, not the Outside.

So from your test above, after adding route:

route if_inside 202.92.25.254 255.255.255.255 10.1.90.14

--> you can only ping 10.1.90.12 sourcing from loopback0, and you won't be able to ping 10.1.90.4 anymore once the above route is added.
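
The rule stated in the reply above, as a small model that reproduces the ping results from the thread. This is an added example, not part of either post and not Cisco code. Assumptions: the /29 masks, 10.1.90.5 and 10.1.90.14 being the MSFC's own addresses, and 202.92.25.254 being the MSFC's loopback 0.

```python
import ipaddress

# Constructed from the thread. The /29 masks are an assumption (diagram not available).
INTERFACES = {
    "if_outside": ipaddress.ip_interface("10.1.90.4/29"),
    "if_inside": ipaddress.ip_interface("10.1.90.12/29"),
}
DEFAULT_ROUTE = ("if_outside", "0.0.0.0/0")       # route if_outside 0.0.0.0 0.0.0.0 10.1.90.5
HOST_ROUTE = ("if_inside", "202.92.25.254/32")    # route if_inside 202.92.25.254 ... 10.1.90.14
LOOPBACK0 = "202.92.25.254"                       # assumed MSFC loopback 0 address


def egress_interface(addr, static_routes):
    """Longest-prefix match over connected networks plus static routes."""
    ip = ipaddress.ip_address(addr)
    candidates = [(iface.network, name) for name, iface in INTERFACES.items()]
    candidates += [(ipaddress.ip_network(p), name) for name, p in static_routes]
    matches = [(net.prefixlen, name) for net, name in candidates if ip in net]
    return max(matches)[1] if matches else None


def ping_interface(src, dst, static_routes):
    """Return (replied, reason) for a ping from src to a firewall interface address."""
    owner = next((n for n, i in INTERFACES.items() if str(i.ip) == dst), None)
    if owner is None:
        return False, f"{dst} is not a firewall interface address"
    back = egress_interface(src, static_routes)
    if back != owner:
        # Wording mirrors the ASDM message quoted in the question.
        return False, f"No route to {src} from {dst} (source routes via {back})"
    return True, f"reply sent on {owner}"


def run_cases(static_routes):
    """The four pings from the question; plain pings use the assumed MSFC addresses."""
    cases = [("10.1.90.5", "10.1.90.4"), ("10.1.90.14", "10.1.90.12"),
             (LOOPBACK0, "10.1.90.4"), (LOOPBACK0, "10.1.90.12")]
    return {(s, d): ping_interface(s, d, static_routes) for s, d in cases}


if __name__ == "__main__":
    for label, routes in (("default route only", [DEFAULT_ROUTE]),
                          ("host route added", [DEFAULT_ROUTE, HOST_ROUTE])):
        print(label)
        for (src, dst), (ok, reason) in run_cases(routes).items():
            print(f"  ping {dst} from {src}: {'OK' if ok else 'no reply'} - {reason}")
```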
