FWSM Route Configuration

Unanswered Question
Feb 21st, 2008

I'm getting this log on my FWSM. Does anybody know why?

<166>Feb 21 2008 10:55:58: %FWSM-6-110001: No route to 192.168.101.1 from 192.168.8.10

I have the following config:

FWSM Version 3.2(4) <context>

!

firewall transparent

hostname ADMIN

!

interface Vlan109

description "Admin Link for Context ADMIN"

nameif REMOTE-ACCESS-IF

bridge-group 9

security-level 0

!

interface Vlan608

description "Outside interface for VLAN 8"

nameif V608OUTSIDE

bridge-group 8

security-level 0

!

interface Vlan8

description "VLAN 8 inside interface"

nameif V8INSIDE

bridge-group 8

security-level 100

!

interface BVI8

description "Intervlan link V8-V608"

ip address 192.168.8.10 255.255.255.0

!

interface BVI9

description "Administrative Interface for Context ADMIN"

ip address 192.168.107.18 255.255.255.248 standby 192.168.107.19

!

object-group network test

access-list vlan8 extended permit ip any any

access-list vlan8 extended permit icmp any any

access-list inside_traffic extended permit ip any any

access-list inside_traffic extended permit icmp any any

logging enable

logging timestamp

logging monitor debugging

logging buffered debugging

logging trap debugging

logging history debugging

logging asdm informational

logging host REMOTE-ACCESS-IF 192.168.101.100

mtu REMOTE-ACCESS-IF 1500

mtu V608OUTSIDE 1500

mtu V8INSIDE 1500

icmp permit any REMOTE-ACCESS-IF

icmp permit any V608OUTSIDE

no asdm history enable

arp timeout 14400

access-group vlan8 in interface V608OUTSIDE

access-group inside_traffic in interface V8INSIDE

route REMOTE-ACCESS-IF 0.0.0.0 0.0.0.0 192.168.107.17 1

snmp-server host REMOTE-ACCESS-IF 192.168.101.100 community xxxx

snmp-server community xxxx

snmp-server enable traps snmp authentication linkup linkdown coldstart

snmp-server enable traps syslog

telnet timeout 5

ssh 192.168.101.100 255.255.255.255 REMOTE-ACCESS-IF

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
amritpatek Wed, 02/27/2008 - 13:08

You can configure a static route from 192.168.8.10 to 192.168.101.1. If you do not require a connection from 192.168.8.10 to 192.168.101.1 and you are getting this log check if some application is trying to access address 192.168.101.1.

Actions

This Discussion