FWSM in Multi context in routed mode without NAT/PAT??

Unanswered Question
Dec 15th, 2008


We configured FWSM in multicontext but without NAT/PAT under each context. We have added static routes on the MSFC for reachability of the inside VLAN under each context, but somehow we can't ping from the outside LAN to the inside context/zone LANs.

We have configured permit ip any any on all the interfaces in the in and out directions as a beginning, but we still can't communicate with the rest of the network.

One more thing is that the FWSM is not connected to the Internet; it is sitting inside our corporate network.

Need urgent help in this regard. We had scheduled a maintenance window a couple of times with a very well chalked out action plan but were forced to roll back to single mode due to the above issue.



Jon Marshall Mon, 12/15/2008 - 15:54


Things to check

1) Can you ping the outside interface of the FWSM from the MSFC?

2) Have you allocated the inside VLANs to the FWSM?

3) Can you ping the inside interface of each context from a machine within that context?

If you aren't using NAT at all, can I assume you have no static statements on the FWSM?

Do any of the contexts have shared interfaces on the inside?


Farrukh Haroon Mon, 12/15/2008 - 23:03

From the 'OUTSIDE' of the firewall, are you trying to ping the firewall's INSIDE interface itself or something at the back of it? Pinging the firewall's interface won't work!

Also, are any of your interfaces shared?



