10-02-2013 04:37 PM - edited 03-11-2019 07:46 PM
I am unable to ping the interface IP from any other vlan interfaces attached to FWSM.
for eg: fwsm vlan 10
nameif DMZ1
ip 10.20.20.1/24 I have host in vlan 10 , that ip is 10.20.20.100
vlan 50
nameif inside
ip 10.100.100.1/24
my laptop is connected to one network , I can ping 10.20.20.100/24 which is a server ip and the default gatewsy is 10.20.20.1, I can not ping 10.20.20.1 what should be the reason?
Can anyone help me on this ?
10-03-2013 04:14 AM
Hi Mohammed,
Have you created access-list to allow traffic between the vlans? because once you name the vlan "inside" it will get a security-level 100, which will by default block everything from outside or from lower security-levels
10-03-2013 06:17 AM
Hi,
I am wondering where you are pinging the IP 10.20.20.1 from? Is it from the host 10.20.20.100?
If that is not working then add
icmp permit any DMZ1
Though to my understanding ICMP should work to the interfaces by default.
If you are trying to ping 10.20.20.1 from the network 10.100.100.0/24 then this wont work to my understanding. Cisco firewalls wont let you ping an interface IP address from behind another interface on the same firewall.
- Jouni
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide