Urgent: need help FWSM-3.2(x) icmp (ping) to the remote side interface

Jan 13th, 2009


I have the problem that I need to ping the remote side interface in a multiple context configured fwsm and cannot achieve it. Need this urgently and help is welcome.

Client - (MSFC) - (FWSM)

Ping from to is a RS6000 NIM server and he tries to ping the FWSM Interface which is the default gateway for other RS6000 machines in the secured area.

We use multiple SVI interfaces and the FWSM has an interface with security level 100 and the interface with security level 0.

I cannot manage to get a ping from the client to the fwsm interface.

I set icmp inspection, have a permit any icmp on both interfaces.




pweichmann Tue, 01/13/2009 - 13:23

Hi Jon,

Thank you very much. I am looking at the command reference and will try to configure management access on the interface.

Is this behaviour described anywhere? We need this because of the Network Installation manager for IBM RS Machines.

Jon Marshall Tue, 01/13/2009 - 13:25


"Is this behaviour described anywhere?"

If you mean the bit about not being able to enter one interface to ping another on the FWSM, it is described under the "Usage" section in the link I sent.


pweichmann Tue, 01/13/2009 - 14:09

Hi Jon,

I set the management-access fwsm-saptm-vlan, i.e.

no success, still no answer.

no entries in the debug real time view as well neither for or the standby

Could something be missing?

I tried to configure telnet and ssh access but could not access




pweichmann Tue, 01/13/2009 - 14:19

Hi Jon,

I just saw that in the usage it says from outside to inside only through IPSEC VPN????

I need the access from sec level 100 to sec level 0, which is the other way around.

What if I switch the sec levels?


The management-access command is supported for the following through an IPSec VPN tunnel only:

• SNMP polls to the management interface
• HTTPS requests to the management interface
• ASDM access to the management interface
• Telnet access to the management interface
• SSH access to the management interface
• Ping to the management interface
• Syslog polls to the management interface


Jon Marshall Tue, 01/13/2009 - 14:30


Good spot, I didn't notice the bit about through a VPN.

Do you actually need to ping the FWSM interface or can you not ping some device in the 3.3.3.x VLAN? What you are trying to do is not really allowed due to security issues.


