Hey all, I'm a little new to the FWSMs and ran into a problem. We have multiple subnets set up on the FWSM, and the FWSM is defaulting correctly (it is not in a redundant config yet, still building the environment).
So one of these subnets has a box that needs to do a remote copy sync with one in another data center, but the two can't reach each other. I have:
- Set up and confirmed default routing from FWSM to other DC
- Confirmed OSPF in other DC has a route back
- Opened the firewall source/dest/ports
This box is already routing (I'm going through it right now), but I'm not getting any logs as to where the packet is dying in the order of operations.
My config looks thusly (opened it wide for testing):
access-list acl_production extended permit ip host 10.x.x.2 object-group [GROUP] log
I then ping into that ACL and fail, but no logs are generated. It sounds like the packets are not making it to the ACL, but this is just a simple addition to an existing ACL that is already working. Is there some way to see if the packets are making it to this box?