FWSM dropping packets of permit rules

maller
Level 1

Hi

I'm having a strange issue with a FWSM.

It has 4 networks (inside, outside, dmz 1-2).

When I try to connect to an inside host from outside, the FWSM denies the connection attempt, but the rule configured permits this traffic.

But when I connect from the inside host to the outside host, the traffic that was denied before is now permitted. I have modified antispoofing and others, but it has not fixed it.

3 Replies

Not applicable

If the traffic does not pass through the FWSM:

Possible Cause: The VLANs are not configured on the switch or are not assigned to the FWSM.

Recommended Action: Configure the VLANs and assign them to the FWSM according to the steps mentioned here:

http://www.cisco.com/en/US/docs/security/fwsm/fwsm31/configuration/guide/switch_f.html#wpxref34592

Jon Marshall
Hall of Fame

Sounds like you may have a NAT issue, i.e. when you connect from inside to outside you build a translation that can then be used from outside to inside.

Could you post the relevant portions of the config for the NAT? Also, could you detail the source and destination addresses on the inside and outside?

Jon

Hi Jon

Yes... there was the command 'nat-control' enabled. I disabled it and now it works.
