06-28-2008 09:28 PM - edited 03-11-2019 06:06 AM
Hey people, help with this FWSM module, again! Traffic is not passing through the firewall. I configured "access-list 100 extended permit ip any any" and applied it to the inside interface, and when I ping the outside world I can see that packets hit the inbound access-list. I have a default route configured also. But traffic is not going from inside to the outside? What is my problem, guys? Thanks in advance...
06-29-2008 02:52 AM
Can you post output of "sh module" from the 6500 switch.
Also, if you apply an outbound access-list on the outside interface of "permit ip any any", do you see any hits on that?
Jon
06-29-2008 04:28 AM
Plaza#sh module
Mod Ports Card Type                              Model              Serial No.
--- ----- -------------------------------------- ------------------ -----------
  1     6 Firewall Module                        WS-SVC-FWM-1       SAD1148079W
  2    48 48 port 10/100/1000mb EtherModule      WS-X6148-GE-TX     SAL114459AL
  5     9 Supervisor Engine 32 8GE (Active)      WS-SUP32-GE-3B     SAL11488JYS

Mod MAC addresses                      Hw     Fw           Sw           Status
--- ---------------------------------- ------ ------------ ------------ -------
  1 001e.4a3f.f9be to 001e.4a3f.f9c5   4.2    7.2(1)       3.2(2)       Ok
  2 001d.a2d4.6138 to 001d.a2d4.6167   7.2    7.2(1)       8.5(0.46)RFW Ok
  5 0007.0e5f.3768 to 0007.0e5f.3773   4.5    12.2(18r)SX2 12.2(18)SXF1 Ok

Mod  Sub-Module                  Model              Serial      Hw      Status
---- --------------------------- ------------------ ----------- ------- -------
  5  Policy Feature Card 3       WS-F6K-PFC3B       SAL11488LFM 2.3     Ok
  5  Cat6k MSFC 2A daughterboard WS-F6K-MSFC2A      SAL11488JSS 4.0     Ok

Mod  Online Diag Status
---- -------------------
  1  Pass
  2  Pass
  5  Pass
______________________________________________
And yes, I can see hits, and I changed the security-level from 0 to 1 on the outside interface, and now it works. Here is the question: why?
And I have another question: can I rate limit on an SVI in the firewall module? Is there any feature like policing? Thanks in advance.
06-29-2008 07:52 AM
And here I have another problem with the FWSM: I created 6-7 SVIs in it, and now I realize there is 10-15% traffic loss. I checked CPU utilization and it shows 1%. Then I configured the switch without the firewall, and there is no loss. Hmm... what can be the problem??? Help!!!