Core issue
In this issue, it is not possible to establish management connection to context on the Cisco Firewall Services Module (FWSM) through VLAN unless the access-list permit ip any any log command is applied on interface vlan. This issue usually occurs if the switch is configured for Distributed EtherChannel.
FWSM does not support packet re-circulation. Packet re-circulation is a specific means to forward packets internally to the chassis between the modules.
Resolution
In order to resolve this issue, force fabric-enabled modules into bus switching mode. This example shows how to force fabric-enabled modules into flow-through switching mode:
Switch(config)#fabric switching-mode force bus-mode
This command forces all affected service modules to communicate through the chassis shared bus instead of the switched fabric, which forces the Supervisor to handle the packet re-circulation centrally instead of the service module. This command also allows the service modules to communicate properly on VLANs.