Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
350
Views
0
Helpful
3
Replies

FWSM module problem.

noodles44
Level 1
Level 1

‎06-28-2008 09:28 PM - edited ‎03-11-2019 06:06 AM

hey people, help with this FWSM module,again! traffic is not passing trough firewall. i configure 'access-list 100 extended permit ip any any" and apply to the inside interface. and when i ping outside world i can see that packets hit inbound access-list. i hove default route configured also. but traffic is not going from inside to the outside? what is my problem guys? thanks in advance...

Labels:
0 Helpful
3 Replies 3

Jon Marshall
Hall of Fame
Hall of Fame

‎06-29-2008 02:52 AM

Can you post output of "sh module" from the 6500 switch.

Also if you apply an outbound access-list on the outside interface of "permit ip any any" do you see any hits on that ?

Jon

0 Helpful

noodles44
Level 1
Level 1
In response to Jon Marshall

‎06-29-2008 04:28 AM

Plaza#sh module

Mod Ports Card Type Model Serial No.

--- ----- -------------------------------------- ------------------ -----------

1 6 Firewall Module WS-SVC-FWM-1 SAD1148079W

2 48 48 port 10/100/1000mb EtherModule WS-X6148-GE-TX SAL114459AL

5 9 Supervisor Engine 32 8GE (Active) WS-SUP32-GE-3B SAL11488JYS

Mod MAC addresses Hw Fw Sw Status

--- ---------------------------------- ------ ------------ ------------ -------

1 001e.4a3f.f9be to 001e.4a3f.f9c5 4.2 7.2(1) 3.2(2) Ok

2 001d.a2d4.6138 to 001d.a2d4.6167 7.2 7.2(1) 8.5(0.46)RFW Ok

5 0007.0e5f.3768 to 0007.0e5f.3773 4.5 12.2(18r)SX2 12.2(18)SXF1 Ok

Mod Sub-Module Model Serial Hw Status

---- --------------------------- ------------------ ----------- ------- -------

5 Policy Feature Card 3 WS-F6K-PFC3B SAL11488LFM 2.3 Ok

5 Cat6k MSFC 2A daughterboard WS-F6K-MSFC2A SAL11488JSS 4.0 Ok

Mod Online Diag Status

---- -------------------

1 Pass

2 Pass

5 Pass

______________________________________________

and yes i can see hits, and i change security-level from 0 to 1 on the outside interface, and now it works. here is the question-why?

and have another question: can i rate limit on SVI in firewall module? is there any feature like policing? thanks in advance

0 Helpful

noodles44
Level 1
Level 1
In response to noodles44

‎06-29-2008 07:52 AM

and here i have another problem with FWSM: i create in it 6-7 SVI, and now i realize 10-15% traffic lost. i check cpu utilization and it shows 1%. then i configure Switch without firewall, and there is no lost. xm... what can be the problem??? help!!!

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card