Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
462
Views
0
Helpful
1
Replies

FWSM Stops Forwarding .. corrupting XLATES?

CoetzerJ
Level 1
Level 1

‎07-15-2009 10:38 PM - edited ‎03-11-2019 08:55 AM

I have a FWSM that seperates various segments on the network. For some reason at times connectivity to some hosts stops without any indication why.

I had done some checking and discovered that there seems to be a corrupt XLATE created at times, which results in the FWSM not forwarding traffic properly.

---------------------------

FWSM1# sh xlate detail | incl FS01

> NAT from wan:FS01 to inside:FS01 flags Ii

> NAT from wan:FS01 to wan:FS01 flags Ii

FWSM1#

---------------------------

We have extended OSPF onto the FWSM. What I noticed this morning was that the routing table changed .. probably around the time the fault was reported.

As can be seen in the extract above ther eis a translation from one interface for FS01 back to the same interface for that same server.

Have tried almost all versions of FWSM code, does not make any difference.

Any Ideas?

Labels:
0 Helpful
1 Reply 1

Kureli Sankar
Cisco Employee
Cisco Employee

‎07-16-2009 07:24 PM

Pls. issue "sh run same"

remove "same-security-traffic permit intra-interface"

This will stop these incorrect X-lates from getting created.

Hopefully you do not need that line. You only need that line if you have a need to U-Turn traffic out the same interface where the packet was received on.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card