FWSM Routed Context Issue

Answered Question
Oct 24th, 2008

I have configured a routed context in the FWSM, but it is not communicating even with the directly connected outside and inside routers (MSFC). When I try to ping the outside router's IP address, it shows an error in debug.


Denied ICMP type=0, code=0 from 192.168.15.5 on interface outside


I have configured IP any any and ICMP any any on both interfaces.



Correct Answer
ajagadee Fri, 10/24/2008 - 09:01

Hi,


Can you configure "icmp permit any outside" and then try pinging again and see if you get a response.


Regards,

Arul


*Pls rate if it helps*

Syed Iftekhar Ahmed Fri, 10/24/2008 - 14:26

Add the following


access-list 209 extended permit icmp any any


Syed Iftekhar Ahmed

Muhammad Zubair Sun, 10/26/2008 - 22:12

I have already permitted ICMP on both interfaces, but the problem is still there.

Syed Iftekhar Ahmed Mon, 10/27/2008 - 01:03

Are you pinging from the FWSM or from a host connected to inside interface?


If you are pinging from the FWSM and not "through" the FWSM, the ping is permitted or denied based on the icmp command.


Use


icmp permit 0 0 outside


If it were a ping through the FWSM it would be controlled via an ACL.


Syed Iftekhar Ahmed

Muhammad Zubair Mon, 10/27/2008 - 02:14

I am pinging it from the FWSM, and an ACL is configured for ICMP on both interfaces (inside, outside).

Correct Answer
Syed Iftekhar Ahmed Mon, 10/27/2008 - 02:22

As I said earlier, in order to ensure that the ping reply reaches the FWSM, you need to use the "icmp permit any outside" command.


ACLs are only used for traffic through the FWSM.


Syed Iftekhar Ahmed
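
The point this thread settles (ICMP addressed to the FWSM itself is governed by the icmp command, not by interface ACLs), as an added example that is not part of the original posts. It reads denial lines in the format quoted in the question and proposes a rule scoped to the logged source host and ICMP type, which is narrower than the "icmp permit any outside" given in the answers; the function name, the keyword table and all sample lines except the first are assumptions made for illustration.

```python
import ipaddress
import re

# Format of the debug line quoted in the question. In this thread it was logged
# for a ping reply addressed to the FWSM itself that no "icmp permit" rule matched.
DENIED = re.compile(
    r"Denied ICMP type=(?P<type>\d+), code=(?P<code>\d+) "
    r"from (?P<src>\S+) on interface (?P<ifname>\S+)"
)

# ICMP type numbers and the keywords the icmp command uses for them
# (subset chosen for this example).
ICMP_KEYWORDS = {0: "echo-reply", 3: "unreachable", 8: "echo", 11: "time-exceeded"}


def suggest_icmp_permit(line):
    """Return a host- and type-scoped 'icmp permit' rule for a denied
    to-the-box packet, or None if the line does not describe one."""
    m = DENIED.search(line)
    if m is None:
        return None  # e.g. an ACL line: ACLs only govern traffic through the FWSM
    keyword = ICMP_KEYWORDS.get(int(m["type"]))
    if keyword is None:
        return None  # type not in the table above; review by hand
    try:
        src = ipaddress.IPv4Address(m["src"])  # reject malformed addresses
    except ValueError:
        return None
    return f"icmp permit host {src} {keyword} {m['ifname']}"


# Constructed sample: the first line is the one from the question,
# the others are made up for illustration.
SAMPLE = [
    "Denied ICMP type=0, code=0 from 192.168.15.5 on interface outside",
    "Denied ICMP type=8, code=0 from 10.1.1.20 on interface inside",
    "Denied ICMP type=0, code=0 from not-an-ip on interface outside",
    "access-list 209 extended permit icmp any any",
]

if __name__ == "__main__":
    for entry in SAMPLE:
        print(suggest_icmp_permit(entry) or f"# no suggestion: {entry}")
```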
