FWSM Stops Forwarding .. corrupting XLATES?

Unanswered Question
Jul 15th, 2009

I have a FWSM that separates various segments on the network. For some reason at times connectivity to some hosts stops without any indication why.

I had done some checking and discovered that there seems to be a corrupt XLATE created at times, which results in the FWSM not forwarding traffic properly.

---------------------------

FWSM1# sh xlate detail | incl FS01

> NAT from wan:FS01 to inside:FS01 flags Ii

> NAT from wan:FS01 to wan:FS01 flags Ii

FWSM1#

---------------------------

We have extended OSPF onto the FWSM. What I noticed this morning was that the routing table changed .. probably around the time the fault was reported.

As can be seen in the extract above there is a translation from one interface for FS01 back to the same interface for that same server.

Have tried almost all versions of FWSM code, does not make any difference.

Any Ideas?

Kureli Sankar Thu, 07/16/2009 - 19:24

Pls. issue "sh run same"

remove "same-security-traffic permit intra-interface"

This will stop these incorrect X-lates from getting created.

Hopefully you do not need that line. You only need that line if you have a need to U-Turn traffic out the same interface on which the packet was received.
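Added example, not part of the original thread and not Cisco tooling: a small Python check that scans saved "sh xlate detail" output for translations that go from an interface back to the same interface, and reports whether the "same-security-traffic permit intra-interface" line is present in saved "sh run same" output. The function names, the sample PAT entry and the assumption that other xlate types follow the same "from if:addr to if:addr flags X" layout are illustrative.

```python
import re

# Entry layout as quoted in the post, with an optional leading "> " and an
# optional protocol word / PAT keyword (assumption: other xlate types use
# the same "from if:addr to if:addr flags X" layout).
XLATE_RE = re.compile(
    r"^\s*>?\s*(?:\w+\s+)?(?:NAT|PAT)\s+from\s+([^:\s]+):(\S+)"
    r"\s+to\s+([^:\s]+):(\S+)\s+flags\s+(\S+)"
)
FIELDS = ("src_if", "src", "dst_if", "dst", "flags")
INTRA_IF_CMD = "same-security-traffic permit intra-interface"


def parse_xlates(text):
    """Return one dict per xlate entry found in the output."""
    matches = (XLATE_RE.match(line) for line in text.splitlines())
    return [dict(zip(FIELDS, m.groups())) for m in matches if m]


def same_interface_xlates(entries):
    """Entries translated from an interface back to that same interface."""
    return [e for e in entries if e["src_if"] == e["dst_if"]]


def intra_interface_enabled(config_text):
    """True if the saved config output carries the intra-interface permit."""
    return any(l.strip() == INTRA_IF_CMD for l in config_text.splitlines())


def audit(xlate_text, config_text):
    """Combine both checks into one report."""
    return {
        "hairpin_xlates": same_interface_xlates(parse_xlates(xlate_text)),
        "intra_interface_enabled": intra_interface_enabled(config_text),
    }


# Constructed sample input: the two entries quoted in the post, one made-up
# PAT entry, and a made-up "sh run same" result.
SAMPLE_XLATE = """\
> NAT from wan:FS01 to inside:FS01 flags Ii
> NAT from wan:FS01 to wan:FS01 flags Ii
TCP PAT from inside:10.0.0.5/1025 to wan:192.0.2.10/40001 flags ri
"""
SAMPLE_CONFIG = "same-security-traffic permit intra-interface\n"

if __name__ == "__main__":
    print(audit(SAMPLE_XLATE, SAMPLE_CONFIG))
```

Run against output captured before and after a routing change, it shows whether same-interface translations appear only while the intra-interface permit is configured.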
