Hello

I have the following problem

I am working with security contexts on a FWSM installed on a cat 6500

(I strongly recommend that you take a look at the topology diagram at this point)

My problem is that I can't make server SIRE_APP located on DMZ_SIRE

to communicate with any other host on any other VLAN UNLESS

i manually configure the VLANS I want to communicate with on the CAT 6500

for instance....

In order for server SIRE_APP (172.29.2.5) (VLAN 11 -->172.29.2.0) to communicate with server DNSin (172.29.1.2) (VLAN4 -->172.29.1.0)

i have to manually enter the following lines on the CAT 6500

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

interface Vlan11

description DMZ_SIRE (configured on context EXTRA)

ip address 172.29.2.254 255.255.255.0

no shutdown

interface Vlan4

description DMZ (configured on context EXTRA)

ip address 172.29.1.254 255.255.255.0

no shutdown

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Then I have to manually change the SIRE_APP server's default gateway to point to

ip 172.29.2.254 (vlan 11) configured on the CAT 6500 instead of pointing

to the ip 172.29.2.1 (configured as an interface on contect EXTRA)

BUT if I do this ALL other hosts on ANY other vlans can't communicate with servers on the DMZ (VLAN4)

Meanwhile....

NONE of this is (or was necessary) in order for servers on VALN 4

DNSin, OASin to communicate with hosts on any other VLANS

I have setup CAPTURES (raw-data & asp-drop types) but the problem is not an access-list, I have try several NATs but still the same...

I have attached the run config for context EXTRA, context INTRA and context system (CONTEXTS.txt)

and relevan info on the running-config for the CAT 6500 (CAT 6500 with changes)

I'll appreciate any help on this issue

Glenn