Solved: FWSM blockes same-security-traffic

Volker Janusch · ‎03-30-2007

Hi,

Firewall blockes traffic between two level-0 - Interfaces.

"same-security-traffic permit inter-interface" is configured. The Access-list is correct an the log containes without matches:

"Mar 30 13:52:51 pix Mar 30 2007 13:55:13 z084nlf-h008001 : %FWSM-4-106023: Deny udp src OUTSIDE2:10.27.136.253/123 dst OUTSIDE1:10.27.242.45/123 by

access-group "" [0x0, 0x0]"

I do not know wy.

Release: 3.1(3), WS-SVC-FWM-1

Regards.

Volker

Manager DC-Networking, Automation & WLAN
Logicalis GmbH

David White · ‎03-30-2007

You need to specify an ACL on OUTSIDE2 interface to permit that traffic. Currently, no ACL is defined, and therefore, by default all traffic is denied.

Sincerely,

David.

View solution in original post

David White · ‎03-30-2007

You need to specify an ACL on OUTSIDE2 interface to permit that traffic. Currently, no ACL is defined, and therefore, by default all traffic is denied.

Sincerely,

David.

Volker Janusch · ‎03-30-2007

Sorry!!!!!!!!!!!!!!

What an stupid failure:

There was no access-group - command configured.

Many Thanks.

Volker

Manager DC-Networking, Automation & WLAN
Logicalis GmbH

Volker Janusch · ‎03-30-2007

Hi David,

the access-list is already configured on interface OUTSIDE2.

Greatings.

Volker

Manager DC-Networking, Automation & WLAN
Logicalis GmbH