Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
259
Views
0
Helpful
2
Replies

possible routing issue

deephazz02
Level 1
Level 1

‎02-13-2008 12:50 PM - edited ‎03-05-2019 09:08 PM

Hello,

I have two FW, on is a ASA the other one is a FWSM they're conected to each other via a vlan. So each one of the 2 Fw have an interface on the same VLAN.

they are connected like this :

Fw(10.1.1.1/24) <-> 6500 (used only for layer 2 connectivity) <-> FWSMContext(10.1.1.2/24) <-> VRF{ FWSMContext(10.1.2.2/24) <-> Vlan interface(10.1.2.1/24) etc..}

From the Fw(10.1.1.1/24) I can ping FWSMContext(10.1.1.2/24) but I can't ping FWSMContext(10.1.2.2/24) and everything beyond in the VRF.

interfaces on th fwsm are :

DMZ_Outside 10.1.1.2/24

VRF_Inside 10.1.2.2/24

The sh route on the FWSM looks like this :

S 0.0.0.0 0.0.0.0 [1/0] via 10.1.1.1, DMZ_Outside

S 10.10.10.100 255.255.255.255 [1/0] via 10.1.2.1, VRF_Inside

C 10.1.2.0 255.255.255.0 is directly connected, VRF_Inside

S 1.1.3. 255.255.255.0 [1/0] via 10.1.2.1, VRF_Inside

S 1.1.4.0 255.255.255.0 [1/0] via 10.1.2.1, VRF_Inside

C 10.1.1.0 255.255.255.0 is directly connected, DMZ_Outside

I checked the access-list but I don't see any hitcounts incremented on any of it when pinging the VRF_inside interface from Fw(10.1.1.1/24).

Does anybody have any idea about what could be the reason of this issue?

Regards.

Labels:
0 Helpful
2 Replies 2

didyap
Level 6
Level 6

‎02-19-2008 11:24 AM

Issue the fabric switching-mode force bus-mode config command to fix this. This command forces the fabric connection of the service module to bus mode.

0 Helpful

Jon Marshall
Hall of Fame
Hall of Fame

‎02-19-2008 12:10 PM

Hi

Okay, before you do as the previous poster suggested be aware that this will reboot the FWSM and potentially some other modules if you have them.

Please check this Field Notice which tells you which modules are affected if you choose to do this.

http://www.cisco.com/en/US/products/hw/modules/ps2706/products_field_notice09186a00804093ee.shtml

Also please note this has been fixed with 12.2(18)SXF7.

Finally depending on the other modules in your 6500 if you choose to use the command posted in the other reply be aware you could be degrading the performance across your entire 6500 chassis. It really depends on your modules.

Jon

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card