Unable to ping DMZ servers from FWSM

Unanswered Question
Jun 9th, 2009
User Badges:

Hi, I have 6500 switch having FWSM. I have configiure Context in that. I have configure many dmz servers having 10.52.65.x subnet & made policies in context. I am able to ping dmz servers from my inside n/w, but I am unable to ping these servers from FWSM login. I am able to ping the dmz interface. Any idea as I am thinkin NO role of ACL as I have initiated ping from FWSM module. Please help


ip address inside 10.52.64.4 255.255.255.128

ip address outside 10.52.64.132 255.255.255.128

ip address dmz01 10.52.65.132 255.255.255.128

icmp permit any inside

icmp permit any dmz01


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Giuseppe Larosa Tue, 06/09/2009 - 02:00
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

Hello Rupesh,

just a basic check if you are in multi-context you need to be on the right context.


each context is like a stand-alone FW


so do

sh context

changeto context


from where you should be able to ping DMZ servers


Hope to help

Giuseppe



Rupesh Kashyap Tue, 06/09/2009 - 18:52
User Badges:

Hi, I am able to ping dmz servers from any internal switches as I have allowed icmp on FWSM inside and dmz acl. But I am unable to ping the dmz servers , if login on fwsm.

francisco_1 Wed, 06/10/2009 - 00:29
User Badges:
  • Gold, 750 points or more

Rupesh,


post your FWSM config for us to help you properly.


Francisco.

Actions

This Discussion