FWSM Inter-Context traffic

Jul 10th, 2009

I have a FWSM with 2 contexts. The OUTSIDE interfaces are each in their own L3 VLAN and in a common VRF (i.e., both next to each other looking out).

I am having a problem getting traffic from one FW to go out C1 and enter C2. I can ping all the outside interfaces but not through the FW (from other FW and inside client).

Any ideas???

running v4.03

yagnesh_tel Sun, 07/12/2009 - 04:26

Considering you have allowed this communication through ACLs in these contexts, you should provide routing in the MSFC for the inside VLANs using static routes. These static routes should point to the outside interfaces of the respective contexts. For example:


ip route vrf [vrf name] [inside vlan & subnet mask] [outside interface]

trevora Sun, 07/12/2009 - 05:27

It turned out that one of our engineers changed the inside interface IP and got the subnet mask wrong. Once I fixed that it started working.

I was concerned that it may have been related to the classifier, as we are not doing NAT for all traffic. I would have then had to put in a bunch of static NAT rules. It seems the FWSM does not support a manual MAC addr to be defined on the interfaces like the ASA allows.
