possible routing issue

Unanswered Question
Feb 13th, 2008

Hello,


I have two FWs, one is an ASA, the other one is a FWSM; they're connected to each other via a VLAN. So each one of the 2 FWs has an interface on the same VLAN.


They are connected like this:


Fw(10.1.1.1/24) <-> 6500 (used only for layer 2 connectivity) <-> FWSMContext(10.1.1.2/24) <-> VRF{ FWSMContext(10.1.2.2/24) <-> Vlan interface(10.1.2.1/24) etc..}


From the Fw(10.1.1.1/24) I can ping FWSMContext(10.1.1.2/24) but I can't ping FWSMContext(10.1.2.2/24) and everything beyond in the VRF.


Interfaces on the FWSM are:


DMZ_Outside 10.1.1.2/24

VRF_Inside 10.1.2.2/24


The sh route on the FWSM looks like this:



S 0.0.0.0 0.0.0.0 [1/0] via 10.1.1.1, DMZ_Outside

S 10.10.10.100 255.255.255.255 [1/0] via 10.1.2.1, VRF_Inside

C 10.1.2.0 255.255.255.0 is directly connected, VRF_Inside

S 1.1.3. 255.255.255.0 [1/0] via 10.1.2.1, VRF_Inside

S 1.1.4.0 255.255.255.0 [1/0] via 10.1.2.1, VRF_Inside

C 10.1.1.0 255.255.255.0 is directly connected, DMZ_Outside


I checked the access-list but I don't see any hitcounts incremented on any of it when pinging the VRF_inside interface from Fw(10.1.1.1/24).


Does anybody have any idea about what could be the reason of this issue?


Regards.

didyap Tue, 02/19/2008 - 11:24

Issue the fabric switching-mode force bus-mode config command to fix this. This command forces the fabric connection of the service module to bus mode.

Jon Marshall Tue, 02/19/2008 - 12:10

Hi


Okay, before you do as the previous poster suggested, be aware that this will reboot the FWSM and potentially some other modules if you have them.


Please check this Field Notice which tells you which modules are affected if you choose to do this.


http://www.cisco.com/en/US/products/hw/modules/ps2706/products_field_notice09186a00804093ee.shtml


Also please note this has been fixed with 12.2(18)SXF7.


Finally, depending on the other modules in your 6500, if you choose to use the command posted in the other reply, be aware you could be degrading the performance across your entire 6500 chassis. It really depends on your modules.


Jon
