FWSM: Not initiating Inbound (equal security - not NATting)

Unanswered Question
Nov 29th, 2007

I'm testing equal security (80, 80) on internet facing and intranet facing interfaces.

I can originate traffic in the intranet side and receive the return traffic from internet side.

However, I'm not able to receive traffic when originated in the internet side.

May I have some advice on this please?

Info:

-----

FWSM Firewall Version 2.3(4)

FWSM Device Manager Version 4.1(3)

Config Abstracts:

----------------

FWSM#
!
!
nameif vlan2047 mgmt security90
nameif vlan4094 outbound security80 !!----------facing internet
nameif vlan4047 inbound security80 !!----------facing intranet
!
ip address mgmt 10.220.251.4 255.255.255.0
ip address outbound 10.192.3.50 255.255.255.240
ip address inbound 172.16.1.10 255.255.255.252
!
!
ftp mode passive
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 H225 1720
fixup protocol h323 ras 1718-1719
fixup protocol rsh 514
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
no fixup protocol smtp 25
fixup protocol sqlnet 1521
!
!

sbaddipu Thu, 11/29/2007 - 11:07

I forgot, but there is a command to permit traffic between same security levels. Can you try that? same-security-traffic permit inter-interface. You may also try nat-control. Also you need to permit on the inside interface (FWSM is different from PIX).

Satya
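The three items Satya lists (same-security permit, a translation that covers the internet-initiated direction, and an access-group on each ingress interface) put together as one FWSM 2.x-style configuration fragment. This is an added example, not part of the thread or of Cisco's documentation; the intranet host range 172.16.0.0/16 behind the "inbound" interface and the ACL names are assumptions, and the interface names match the poster's config.

```cisco
! Added example (not from the thread). FWSM 2.x / PIX 6.x style syntax.
! Assumes the intranet hosts sit in 172.16.0.0/16 behind the "inbound"
! interface; substitute the real range. ACL names are placeholders.
!
! 1. Allow traffic between interfaces at the same security level (80/80).
same-security-traffic permit inter-interface
!
! 2. Translation entries. Without a translation that is valid from the
!    "outbound" side, connections initiated from the internet have no
!    xlate to match and are dropped even though no address change is
!    wanted. An identity static maps the intranet range to itself;
!    nat 0 covers flows the intranet side initiates.
static (inbound,outbound) 172.16.0.0 172.16.0.0 netmask 255.255.0.0
nat (inbound) 0 0.0.0.0 0.0.0.0
!
! 3. ACLs. On FWSM nothing passes an interface without an access-group
!    applied inbound on it, equal security or not, so both directions
!    need one. Internet-initiated: permit only the services you intend
!    to expose, never "permit ip any any" on the internet-facing side.
access-list OUTBOUND_IN permit tcp any 172.16.0.0 255.255.0.0 eq www
access-list OUTBOUND_IN permit tcp any 172.16.0.0 255.255.0.0 eq https
access-group OUTBOUND_IN in interface outbound
!
!    Intranet-initiated (the direction that already works in the thread).
access-list INBOUND_IN permit ip 172.16.0.0 255.255.0.0 any
access-group INBOUND_IN in interface inbound
!
! Checks after applying, from a test client on the internet side:
!   show access-list   - hit counts on the OUTBOUND_IN lines should rise
!   show xlate         - an identity xlate for the intranet host appears
!   show conn          - the connection built from the outbound side shows
```

If the hit counter on OUTBOUND_IN rises but no xlate or conn is built, the translation step is the one to revisit; if the counter stays at zero, the packet is not reaching the rule (wrong interface, or a deny earlier in the list) and the syslog deny messages will name the interface and ACL involved.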

s.srivas Fri, 11/30/2007 - 01:41

"same-security-traffic permit inter-interface"

The above command is already in place (I should have included this before). I need to look into nat-control to see how this will fit in a situation without a NATing requirement.

I also want to know if the choice of context and system may make the difference for same-security-level. Please also view the o/p regarding context (Shows context as system) and.

FWSM# show resource usage
Resource       Current   Peak      Limit     Denied  Context
SSH                  1      2          5          0  System
Conns             3151  83760  unlimited          0  System
Xlates            7415  26399  unlimited          0  System
Hosts             7415  26399  unlimited          0  System
Conns [rate]       186   9114  unlimited          0  System
Fixups [rate]       40   8840  unlimited          0  System
BS-6506-FWSM#
