FWSM blocks same-security-traffic

Answered Question
Mar 30th, 2007

Hi,


Firewall blocks traffic between two level-0 interfaces.

"same-security-traffic permit inter-interface" is configured. The Access-list is correct and the log contains without matches:


"Mar 30 13:52:51 pix Mar 30 2007 13:55:13 z084nlf-h008001 : %FWSM-4-106023: Deny udp src OUTSIDE2:10.27.136.253/123 dst OUTSIDE1:10.27.242.45/123 by access-group "" [0x0, 0x0]"


I do not know why.


Release: 3.1(3), WS-SVC-FWM-1


Regards.


Volker

Overall Rating: 5 (1 ratings)
Correct Answer
David White Fri, 03/30/2007 - 06:59
Cisco Employee

You need to specify an ACL on OUTSIDE2 interface to permit that traffic. Currently, no ACL is defined, and therefore, by default all traffic is denied.


Sincerely,


David.

Volker Janusch Fri, 03/30/2007 - 07:11

Sorry!!!!!!!!!!!!!!


What a stupid failure:


There was no access-group command configured.


Many Thanks.


Volker

Volker Janusch Fri, 03/30/2007 - 07:05

Hi David,


the access-list is already configured on interface OUTSIDE2.


Greetings.


Volker
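
An added example, not part of the original thread and not Cisco tooling: a Python triage of `%FWSM-4-106023` deny lines that separates denies carrying an empty access-group name (as in the log quoted in the question, where the cause turned out to be a missing `access-group` command) from denies attributed to a named ACL. The regex is modelled on that one quoted line; the second and third sample lines, the host name `fw-example` and the ACL name `OUTSIDE1_IN` are constructed.

```python
import re
from collections import defaultdict

# Pattern modelled on the single 106023 line quoted in the thread (assumption:
# other deny lines follow the same "src IF:IP/PORT dst IF:IP/PORT by access-group" shape).
DENY_RE = re.compile(
    r'%FWSM-4-106023: Deny (?P<proto>\S+) '
    r'src (?P<src_if>[^:\s]+):(?P<src_ip>[\d.]+)(?:/(?P<src_port>\d+))? '
    r'dst (?P<dst_if>[^:\s]+):(?P<dst_ip>[\d.]+)(?:/(?P<dst_port>\d+))? '
    r'by\s+access-group "(?P<acl>[^"]*)"'
)

SAMPLE = [
    # Line quoted in the question (rejoined onto one line).
    'Mar 30 13:52:51 pix Mar 30 2007 13:55:13 z084nlf-h008001 : %FWSM-4-106023: '
    'Deny udp src OUTSIDE2:10.27.136.253/123 dst OUTSIDE1:10.27.242.45/123 '
    'by access-group "" [0x0, 0x0]',
    # Constructed: a second deny on the same ingress interface, again with no ACL name.
    'Mar 30 13:52:58 pix Mar 30 2007 13:55:20 fw-example : %FWSM-4-106023: '
    'Deny udp src OUTSIDE2:192.0.2.10/123 dst OUTSIDE1:198.51.100.7/123 '
    'by access-group "" [0x0, 0x0]',
    # Constructed: a deny that names the ACL that dropped the packet.
    'Mar 30 13:53:02 pix Mar 30 2007 13:55:24 fw-example : %FWSM-4-106023: '
    'Deny tcp src OUTSIDE1:198.51.100.7/40000 dst OUTSIDE2:192.0.2.10/23 '
    'by access-group "OUTSIDE1_IN" [0x0, 0x0]',
]

def triage(lines):
    """Return (no_acl, by_acl): denies with access-group "" keyed by ingress
    interface, and denies attributed to a named ACL keyed by ACL name."""
    no_acl, by_acl = defaultdict(list), defaultdict(list)
    for line in lines:
        m = DENY_RE.search(line)
        if not m:
            continue  # not a 106023 deny in the expected shape
        flow = (m["proto"],
                f'{m["src_ip"]}/{m["src_port"]}',
                f'{m["dst_ip"]}/{m["dst_port"]}')
        if m["acl"] == "":
            no_acl[m["src_if"]].append(flow)  # check for a missing access-group binding
        else:
            by_acl[m["acl"]].append(flow)     # review the rules of this ACL instead
    return dict(no_acl), dict(by_acl)

if __name__ == "__main__":
    no_acl, by_acl = triage(SAMPLE)
    for iface, flows in no_acl.items():
        print(f'{iface}: {len(flows)} denies with access-group "" -> verify an ACL is applied')
    for acl, flows in by_acl.items():
        print(f'{acl}: {len(flows)} denies by rule match')
```
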
