Trouble with rules in a FWSM and routing...I think

telecom_minec
Level 1

Hi everyone, the issue that I'm trying to explain is kind of weird to place here. Here it goes: I have a 6509 with an FWSM module, which uses OSPF. Outside the FWSM, it's running EIGRP (I think this doesn't matter right now, but I put it just in case). I use the FWSM for inter-VLAN routing. So... I have several VLANs, but the one with problems is 71. I have 3 servers in that VLAN: 192.168.71.1, 192.168.71.3 and 192.168.71.5 /24. I configured outgoing permissions on interface 71 so that 192.168.81.116 can reach these 3 servers, and it was working well. A few days ago, 81.116 can't reach 192.168.71.3, but had no problems with the other two servers. I checked the rules on the FWSM and everything was fine, checked the access switch and it was OK too. I used my laptop on the server's port in the access switch using 192.168.71.3, but no one can reach me. I can see 192.168.71.3 from the FWSM, but not from other VLANs.

It gets worse... doing more troubleshooting and using another access switch with a port in VLAN 71 and my laptop with the address 192.168.71.100, giving all the permissions in the outgoing direction from VLAN 71, no one can reach it either!! The thing is that now, using the same rules for all of VLAN 71, it only works for 192.168.71.1 and 71.5 from other VLANs. I can see all of the VLAN, but only from the FWSM. I checked all the access lists and nothing is denying the access and everything looks fine; my other VLANs are running fine. If someone sees what can be happening. The last thing that I can do is delete and recreate the VLAN. But there must be something else to do. Thanks in advance...


Roman Rodichev
Level 7

Are you running the latest FWSM code? I'm running 4.0(13); it has been pretty stable.

IAN WHITMORE
Level 4

Yes, it's difficult to get a grasp of what's happening from the description. Are you sure the VLAN is assigned to the right group? Is the routing in place OK? Is the VLAN being redistributed from OSPF to EIGRP? Can you ping between different members of the same VLAN 71?

If it works for 71.1 and 71.5 it could be a MAC issue... if you clear the mac-address table and ARP cache, does it work for you? Check these things and try. Check the logs too. Check the port the server is connected to... and try to document as much as you can here.
